We Are Just Describing How the Internal Algorithm Should Be for Any Firmware or Software Anti-Malicious Product
Apply a compiler-type algorithm to any JUMP instruction to determine whether it will end or not.
If MOV SEG_REG, X is present, then make sure X is not in the sheltered memory space.
For replicated malware, use the checksum technique.
This is how the scan engine of an Anti-Malicious product works in its running mode when it deals with assembly.
Verifier Engine
Verifier mode works from the attack database of the anti-virus product.
There are two modes:
1. For each file F, check every signature S.
2. For every signature S, check all files F.
Both have their advantages and disadvantages.
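The two verifier modes and the checksum technique above, as an added example (not code from the original document). The file contents, signature names, byte patterns and the `Store` read counter are constructed for illustration; the counter makes one cost difference between the two loop orders visible in this sketch.

```python
import hashlib

# Constructed sample data standing in for files on disk (not real samples).
FILES = {
    "a.bin": b"\x90\x90hello\xde\xad\xbe\xefworld",
    "b.bin": b"plain text, nothing to see",
    "c.bin": b"copy of known sample",
}
# Constructed attack database: byte patterns plus whole-file checksums.
PATTERNS = {"SIG-PATTERN-1": b"\xde\xad\xbe\xef", "SIG-PATTERN-2": b"\xca\xfe"}
CHECKSUMS = {"SIG-REPLICA-1": hashlib.sha256(b"copy of known sample").hexdigest()}
ALL_SIGS = list(PATTERNS) + list(CHECKSUMS)


class Store:
    """File store that counts reads, to expose the cost of each loop order."""

    def __init__(self, files):
        self.files, self.reads = files, 0

    def read(self, name):
        self.reads += 1
        return self.files[name]


def matches(sig, data):
    """True if signature `sig` (byte pattern or checksum) fires on `data`."""
    if sig in CHECKSUMS:
        # Checksum technique: an exact replica has the same digest.
        return hashlib.sha256(data).hexdigest() == CHECKSUMS[sig]
    return PATTERNS[sig] in data


def scan_file_major(store):
    """Mode 1: for each file F, check every signature S (one read per file)."""
    hits = set()
    for name in store.files:
        data = store.read(name)
        hits |= {(name, sig) for sig in ALL_SIGS if matches(sig, data)}
    return hits


def scan_signature_major(store):
    """Mode 2: for every signature S, check all files F (files are re-read)."""
    hits = set()
    for sig in ALL_SIGS:
        hits |= {(n, sig) for n in store.files if matches(sig, store.read(n))}
    return hits
```

Both functions report the same detections; on this sample data mode 1 performs 3 reads and mode 2 performs 9, because each file is fetched once per signature.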