
Themida and VMProtect-Protected Malware Can Be Analyzed to Expose Its Crucial Information

DUBAI, DUBAI, UNITED ARAB EMIRATES, June 18, 2024 /EINPresswire.com/ -- ANY.RUN, a leading provider of cybersecurity solutions, published research on the use of the popular code protectors Themida and VMProtect in malware and on their effectiveness in concealing malicious functionality.

๐“๐ก๐ž๐ฆ๐ข๐๐š ๐š๐ง๐ ๐•๐Œ๐๐ซ๐จ๐ญ๐ž๐œ๐ญ ๐ข๐ง ๐Œ๐š๐ฅ๐ฐ๐š๐ซ๐ž
Malware authors often employ protectors like Themida and VMProtect in an attempt to prevent analysts from reverse engineering malicious code.

These protectors allow malware developers to use sophisticated techniques to hide malicious functionality, including through code virtualization, obfuscation, anti-debugging, compression, and encryption.

๐€๐ง๐š๐ฅ๐ฒ๐ฌ๐ข๐ฌ ๐จ๐Ÿ ๐๐ซ๐จ๐ญ๐ž๐œ๐ญ๐ž๐ ๐Œ๐š๐ฅ๐ฐ๐š๐ซ๐ž ๐’๐š๐ฆ๐ฉ๐ฅ๐ž๐ฌ ๐›๐ฒ ๐€๐๐˜.๐‘๐”๐ ๐ญ๐ž๐š๐ฆ
The research team at ANY.RUN analyzed six samples from different malware families that use Themida and VMProtect. The analysts found that none of the samples used code virtualization, making the analysis process much simpler.

Only one sample had anti-debugging enabled, and the malware code itself was largely unprotected, except for the initial stages of compression and decryption. This enabled the team to extract crucial information from the malware samples' code, including command-and-control (C2) addresses, important strings, etc.

๐ˆ๐ฆ๐ฉ๐ฅ๐ข๐œ๐š๐ญ๐ข๐จ๐ง๐ฌ ๐Ÿ๐จ๐ซ ๐‚๐ฒ๐›๐ž๐ซ๐ฌ๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ ๐๐ซ๐จ๐Ÿ๐ž๐ฌ๐ฌ๐ข๐จ๐ง๐š๐ฅ๐ฌ
The research findings highlight a clear trend: most malware families overlook crucial features like virtualization, making reverse engineering significantly easier. In essence, these families use protectors as basic packers, providing minimal obstruction to analysis.

Learn more details about the research on ANY.RUN's blog.

๐€๐›๐จ๐ฎ๐ญ ๐€๐๐˜.๐‘๐”๐
ANY.RUN's suite of cybersecurity products includes an interactive sandbox and a Threat Intelligence portal. Serving 400,000 professionals around the world, the sandbox offers a streamlined approach to analyzing malware families that target both Windows and Linux systems. Meanwhile, ANY.RUN's Threat Intelligence services, which include Lookup, Feeds, and YARA Search, enable users to quickly gather information about threats and respond to incidents with greater speed and precision.

Veronika Trifonova
ANYRUN FZCO
+1 657-366-5050