Obfuscation
Control-flow flattening, opaque predicates, virtualization and string/data encoding.
Obfuscationintermediate
Malware resolves API addresses by walking the PEB loader module list and parsing each DLL's export table at runtime instead of relying on the import address table.
windows
Obfuscationadvanced
Malware rewrites simple operations and constants as tangled mixes of arithmetic and bitwise operators that compute the same value, defeating constant propagation and symbolic expression analysis.
windowslinuxmacos
Obfuscationintermediate
Obfuscators interleave semantically inert instruction sequences — dead code and NOP-equivalents — among real logic to bloat binaries, confuse disassembly, and break byte-pattern signatures.
windowslinuxmacos
Obfuscationintermediate
An obfuscation pass replaces simple instructions with longer functionally-equivalent sequences — e.g. add becomes a push/pop/lea or sub/neg chain — to break signatures and obscure intent.
windowslinuxmacos
Obfuscationbeginner
Malware builds sensitive strings character-by-character on the stack at runtime so they never appear as static literals in the binary, defeating simple string-search analysis.
windowslinuxmacos
Obfuscationintermediate
Malware replaces imported function names with pre-computed hash values and resolves addresses at runtime by walking the PE export table, hiding API usage from static analysis.
windows
Obfuscationbeginner
Storing strings XOR-encrypted and decrypting them on demand at runtime so that static tools and `strings` reveal nothing useful about the binary's behavior.
windowslinuxmacos
Obfuscationadvanced
Replacing a function's natural branching with a single dispatcher loop driven by a state variable, destroying the original control-flow graph that decompilers rely on.
windowslinuxmacos
Obfuscationadvanced
Inserting conditional branches whose outcome is known at obfuscation time but hard to resolve statically, breaking control-flow recovery in disassemblers and decompilers.
windowslinuxmacos
Obfuscationbeginner
Sensitive strings are stored as RC4 ciphertext inside the binary and decrypted on demand with an embedded key, keeping URLs, API names, and config out of static string output.
windowslinuxmacos