Archive → December, 2009

Malware Tricks I

Today, while analyzing a family of malware (the family that some vendors call “Krap”), I noticed a good and new, at least for me, anti-emulation technique. What do you think this sample code does?

some_func:
   ; Do stuff...

start:
   push offset some_func
   jmp edx
