Qualys Vulnerabliity & Malware Research Labs (VMRL)
Blackhat 2012 Presentation Samples
TiTle: A Scientific (but non academic) study of how malware employs anti-debugging, anti-disassembly and anti-virtualization technologies
Authors: Rodrigo Rubira Branco - rbranco NOSPAM qualys.com Gabriel Negreira Barbosa - gbarbosa NOSPAM qualys.com Pedro Drimel Neto - pdrimel NOSPAM qualys.com
The samples are divided in four categories: Anti-Debugging Anti-Disassembly Obfuscation Anti-VM
Anti-Debugging POCs were developed in C/C++ using Visual Studio 2010 and Assembly with Flat Assembler, they are in the folder Csrc and ASMsrc, respectively.
Anti-Disassembly and Obfuscation POCs were developed in Assembly with Flat Assembler and are available in the folder ASMsrc.
Anti-VM POCs were developed in C/C++ using Visual Studio 2010 and is available in the Csrc folder.