Today, I published the following diary on isc.sans.edu: “Show me All Your Windows!“:
It’s a key point for attackers to implement anti-debugging and anti-analysis techniques. Anti-debugging means the malware will try to detect if it’s being debugged (executed in a debugger or its execution is slower than expected). Anti-analysis refers to techniques to detect if the malware is detonated in a sandbox or by a malware analyst. In such cases, tools run in parallel with the malware to collect live data (packets, API calls, files, or registry activity)… [Read more]