2024-07-22 21:46:14
Covering three basic code obfuscation techniques to evade AV.
Disclaimer
All content in this article is posted for research purposes. I am not responsible for any misuse of the material hosted here. Follow the local and federal laws in your area.
Techniques
Base64 Encoding
Take the entire codebase (meaning each individual source file) and run it through a base64 encoder. Ideally each encoded file is stored as its own string variable in the destination program. That program then acts as a sort of base64 executor: it decodes the strings and runs them as the original program.
Most mainstream programming languages have pre-existing modules to do this.
Ideally, you would rename the variables and functions to generic names like f1, f2, f3, v1, v2, v3, etc. Having a premade algorithm or an LLM do this for you would be better.
Example LLM prompt:
{code base goes here}
Replace all variable and function names by randomly generated character and number combinations.
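As a defensive counterpart to the two techniques above (source wrapped in base64 string variables, and identifiers renamed to f1/v1-style names), here is an added example that is not part of the original post: a small Python scanner that flags source files showing those traits. The two sample scripts, the regexes and the thresholds are all constructed for illustration. The point it makes is that base64 is reversible with no key, so a scanner that decodes every long base64 literal and checks whether the result parses as source sees the original program unchanged, and a decode-then-exec call is itself a common signature.

```python
import ast
import base64
import binascii
import re

# Constructed sample, not from the post: a script shaped the way the post
# describes (source base64-encoded into a variable, names reduced to f1/v1,
# decoded and executed at runtime). The blob decodes to print("hello").
SAMPLE_SOURCE = '''
import base64
v1 = "cHJpbnQoImhlbGxvIik="
def f1(v3):
    return v3 + 1
def f2():
    return f1(41)
result = f2()
exec(base64.b64decode(v1))
'''

# Constructed benign script for comparison: uses base64 legitimately and
# keeps descriptive names.
CLEAN_SOURCE = '''
import base64
def greet(name):
    return "hello " + name
token = base64.b64encode(b"session data").decode()
print(greet("world"))
'''

# Quoted literal made only of base64 alphabet characters, 16+ chars, optional padding.
BASE64_LITERAL = re.compile(r'["\']([A-Za-z0-9+/]{16,}={0,2})["\']')
# Identifier style the post recommends: f1, f2, v1, v2, ...
GENERIC_NAME = re.compile(r'^[fv]\d+$')
# Decode-then-execute in one expression.
DECODE_AND_EXEC = re.compile(r'\bexec\s*\(\s*base64\.b64decode')


def find_base64_blobs(source):
    """Return (literal, decoded_bytes) for every long literal that is valid base64."""
    blobs = []
    for match in BASE64_LITERAL.finditer(source):
        literal = match.group(1)
        try:
            decoded = base64.b64decode(literal, validate=True)
        except binascii.Error:
            continue  # looks like base64 but is not well formed
        blobs.append((literal, decoded))
    return blobs


def decodes_to_python(data):
    """True if the decoded bytes parse as a Python module, i.e. the blob is hidden source."""
    try:
        ast.parse(data.decode("utf-8"))
        return True
    except (UnicodeDecodeError, SyntaxError, ValueError):
        return False


def count_generic_names(source):
    """Count defined names (functions, classes, assigned variables, parameters)
    and how many of them follow the f1/v1 naming pattern."""
    names = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
            names.add(node.name)
        elif isinstance(node, ast.Name) and isinstance(node.ctx, ast.Store):
            names.add(node.id)
        elif isinstance(node, ast.arg):
            names.add(node.arg)
    generic = sum(1 for n in names if GENERIC_NAME.match(n))
    return generic, len(names)


def scan(source):
    """Combine the three signals; 'suspicious' requires at least two of them."""
    blobs = find_base64_blobs(source)
    code_blobs = [lit for lit, data in blobs if decodes_to_python(data)]
    generic, total = count_generic_names(source)
    signals = {
        "base64_literals": len(blobs),
        "base64_code_literals": len(code_blobs),
        "decode_and_exec": DECODE_AND_EXEC.search(source) is not None,
        "generic_names": generic,
        "total_names": total,
    }
    hits = (
        (signals["base64_code_literals"] > 0)
        + signals["decode_and_exec"]
        + (total > 0 and generic / total > 0.5)
    )
    signals["suspicious"] = hits >= 2
    return signals


if __name__ == "__main__":
    for label, src in (("sample", SAMPLE_SOURCE), ("clean", CLEAN_SOURCE)):
        print(label, scan(src))
```

Run it on the two embedded samples and the obfuscated one trips all three signals while the benign one trips none. The name-ratio check is deliberately a heuristic (legitimate code also uses short loop variables), which is why the verdict needs two independent signals rather than one.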
Function Cramming
This is the act of adding decoy/useless functions that are called throughout the code in order to further obfuscate what the program is really doing. Once again, an algorithm or an LLM would be the easiest way to accomplish this.
Each of these is useful on its own; in conjunction, they are effective. They aren't hard things to do. Test it for yourself (in a legal setting) and see.