all InfoSec news
Defeating VMProtect’s Latest Tricks
Malware Analysis, News and Indicators - Latest topics malware.news
A colleague of mine recently came across a SystemBC sample that is protected with VMProtect 3.6 or higher. VMProtect is a commercial packer that comes with advanced anti-debugging and VM detection capabilities. It also employs code virtualization – a technique where normal machine code is translated into a proprietary bytecode language that is interpreted at runtime – which makes it very hard to determine the exact logic implemented by the code. ScyllaHide, our anti-anti-debug tool of choice, was not …
advanced anti-debugging bytecode capabilities code commercial debug debugging debug tool detection hard higher language latest logic machine malware analysis packer runtime systembc tool virtualization