Common Malware Techniques

Understanding common techniques aids analysis:

Obfuscation Methods:

Packing: UPX, Themida, VMProtect
Encryption: Custom algorithms, XOR encoding
Anti-debugging: IsDebuggerPresent, timing checks
Anti-VM: Hardware detection, VM artifacts
Code Injection: Process hollowing, SetWindowsHookEx

Persistence Mechanisms:

; Common persistence locations
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\System\CurrentControlSet\Services
HKCU\Environment\UserInitMprLogonScript

; Scheduled tasks
C:\Windows\System32\Tasks

Communication Methods:

HTTP/HTTPS beaconing
DNS tunneling
IRC channels
Peer-to-peer networks
Social media platforms
Cloud storage services