I recently published my analysis of the Netwalker ransomware, which included a deobfuscation step (check it here). I think (de)obfuscation techniques are an interesting subject, so I decided to write a little more about them.
There are basically two types of obfuscation techniques:
- Binary Level: These are binary transformations that hide instructions and data inside executables. They are usually implemented by binary packers, which malware often uses.
- Source Code Level: These are source code transformations that hide the program's statements (for example, splitting or encoding string literals so the real code is only assembled at run time). They are often used by malicious scripts.
In this draft, I will consider only the latter.
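To make the source-code-level case concrete, here is an added example (my own illustration, not code from the original post or from the Netwalker analysis). It shows a small static deobfuscator for Python scripts: an `ast.NodeTransformer` that folds the constant-only expressions commonly used to hide string literals (string concatenation, `chr()` chains, `"".join([...])`, `bytes.fromhex(...)`, `b64decode(...)` and `.decode()`) back into plain literals. Nothing in the sample is executed; a node is rewritten only when all of its operands are already constants, which is the safe way to analyse a hostile script. The obfuscated input is a constructed sample that hides the harmless statement `print("hello world")`; the names `ConstantFolder`, `deobfuscate` and `recovered_strings` are mine.

```python
import ast
import base64
import binascii

# Constructed sample (not taken from any real script): string literals hidden
# behind concatenation, chr() chains, hex, base64 and "".join().
OBFUSCATED = '''
f = "pr" + "in" + "t"
a = chr(104) + chr(101) + chr(108) + chr(108) + chr(111)
b = bytes.fromhex("20776f726c64").decode()
c = "".join(["!", "!"])
d = __import__("base64").b64decode("aGVsbG8=").decode()
'''


def _const(value, node):
    """Build an ast.Constant carrying the location of the node it replaces."""
    return ast.copy_location(ast.Constant(value=value), node)


class ConstantFolder(ast.NodeTransformer):
    """Statically fold constant-only expressions used to hide string literals.
    Nothing is executed: a node is rewritten only when every operand is
    already an ast.Constant, so unknown names and calls are left untouched."""

    def visit_BinOp(self, node):
        self.generic_visit(node)  # fold children first ("a" + "b") + "c"
        if (isinstance(node.op, ast.Add)
                and isinstance(node.left, ast.Constant)
                and isinstance(node.right, ast.Constant)
                and isinstance(node.left.value, str)
                and isinstance(node.right.value, str)):
            return _const(node.left.value + node.right.value, node)
        return node

    def visit_Call(self, node):
        self.generic_visit(node)  # inner calls such as bytes.fromhex(...) fold first
        func, args = node.func, node.args
        all_const = not node.keywords and all(isinstance(a, ast.Constant) for a in args)

        # chr(104) -> "h"
        if (isinstance(func, ast.Name) and func.id == "chr" and all_const
                and len(args) == 1 and isinstance(args[0].value, int)):
            return _const(chr(args[0].value), node)

        # "".join(["a", "b"]) -> "ab"  (separator and every element must be literals)
        if (isinstance(func, ast.Attribute) and func.attr == "join"
                and isinstance(func.value, ast.Constant) and isinstance(func.value.value, str)
                and len(args) == 1 and isinstance(args[0], (ast.List, ast.Tuple))
                and all(isinstance(e, ast.Constant) and isinstance(e.value, str)
                        for e in args[0].elts)):
            return _const(func.value.value.join(e.value for e in args[0].elts), node)

        # bytes.fromhex("6869") -> b"hi"
        if (isinstance(func, ast.Attribute) and func.attr == "fromhex"
                and isinstance(func.value, ast.Name) and func.value.id == "bytes"
                and all_const and len(args) == 1 and isinstance(args[0].value, str)):
            try:
                return _const(bytes.fromhex(args[0].value), node)
            except ValueError:
                return node

        # base64.b64decode("...") or __import__("base64").b64decode("...") -> bytes
        if (isinstance(func, ast.Attribute) and func.attr == "b64decode"
                and all_const and len(args) == 1 and isinstance(args[0].value, (str, bytes))):
            try:
                return _const(base64.b64decode(args[0].value, validate=True), node)
            except binascii.Error:
                return node

        # b"...".decode() -> "..."
        if (isinstance(func, ast.Attribute) and func.attr == "decode"
                and isinstance(func.value, ast.Constant) and isinstance(func.value.value, bytes)
                and not args and not node.keywords):
            try:
                return _const(func.value.value.decode(), node)
            except UnicodeDecodeError:
                return node

        return node


def deobfuscate(source: str) -> str:
    """Return the script with foldable literals recovered (Python 3.9+ for ast.unparse)."""
    return ast.unparse(ConstantFolder().visit(ast.parse(source)))


def recovered_strings(source: str) -> dict:
    """Map each top-level `name = <string literal>` after folding, for quick triage."""
    tree = ConstantFolder().visit(ast.parse(source))
    found = {}
    for stmt in tree.body:
        if (isinstance(stmt, ast.Assign) and len(stmt.targets) == 1
                and isinstance(stmt.targets[0], ast.Name)
                and isinstance(stmt.value, ast.Constant)
                and isinstance(stmt.value.value, str)):
            found[stmt.targets[0].id] = stmt.value.value
    return found


if __name__ == "__main__":
    print(deobfuscate(OBFUSCATED))
```

Running it prints the sample with every hidden literal restored (`f = 'print'`, `a = 'hello'`, `b = ' world'`, and so on). The same folding pass is the first thing to apply to a suspicious script before any manual reading: it removes the noise without giving the script a chance to run, and whatever still cannot be folded (calls on non-constant values, names resolved at run time) is exactly the part that deserves a closer look.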