Okay, so you are a Win32 emulator…

2011-10-01

Gabor Szappanos

VirusBuster, Hungary

Editor: Helen Martin

Abstract

There has already been extensive research into the plethora of tricks used by contemporary malware and executable protectors with the purpose of breaking debuggers and emulators. Unfortunately malware authors are aware of such research efforts and the countermeasures introduced by engine developers. They are also pretty much aware of the capabilities of AV emulators, and are ready and prepared to deploy tricks to overcome them. Gabor Szappanos looks at a small cross-section of the threat landscape.

The full article is available to registered users. Click here for free registration or, if you already are a registered user, login to access the full article.

Magazine


	October 2011 PDF Please register to download the PDF Kindle Please register to download the Kindle PRC Comment Why there’s no one test to rule them all News Figures show importance of patching Drop in vulnerability disclosures Malware prevalence report August 2011 Malware analyses A new BIOS rootkit spreads in China Hard disk woes Asynchronous Harakiri++ Technical feature Okay, so you are a Win32 emulator… Comparative review VB100 Comparative review on Windows 2003 Server R2 Calendar Anti-malware industry events See also Virus Bulletin archives How to become a subscriber Reprints

Quick Links

Poll

Does your company allow you to use a personal laptop/mobile device to access company resources?
Leave a comment
View 2 comments

Jobs


	In Virus Bulletin's jobs pages among others: Technical project analyst (m/f) for our Protection Team (Tettnang, Germany) Senior Security Manager - Vulnerability Research (Santa Clara, CA, United States)

Virus Bulletin currently has 225,307 registered users.

Fighting malware and spam

Okay, so you are a Win32 emulator…

Gabor Szappanos

PDF

Kindle

Comment

News

Malware prevalence report

Malware analyses

Technical feature

Comparative review

Calendar

See also