Obfuscation

Control-flow flattening, opaque predicates, virtualization and string/data encoding.

Obfuscation | beginner
Malware builds sensitive strings character-by-character on the stack at runtime so they never appear as static literals in the binary, defeating simple string-search analysis.
windows, linux, macos

Obfuscation | intermediate
Malware replaces imported function names with pre-computed hash values and resolves addresses at runtime by walking the PE export table, hiding API usage from static analysis.
windows

Obfuscation | beginner
Storing strings XOR-encrypted and decrypting them on demand at runtime so that static tools and `strings` reveal nothing useful about the binary's behavior.
windows, linux, macos

Obfuscation | advanced
Replacing a function's natural branching with a single dispatcher loop driven by a state variable, destroying the original control-flow graph that decompilers rely on.
windows, linux, macos

Obfuscation | advanced
Inserting conditional branches whose outcome is known at obfuscation time but hard to resolve statically, breaking control-flow recovery in disassemblers and decompilers.
windows, linux, macos