Behavioral and code analysis
Identification and containment analysis
Registry and file system analysis
User and kernel mode analysis
Installing software updates that address vulnerabilities in installed software.
Setting memory breakpoints by modifying access flags on memory segments.
Stepping through the executable without running every instruction within function calls.
Modifying a compiled executable to change its functionality without having to recompile it.
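The memory-breakpoint option above describes how a debugger traps access to data it has no instruction to break on: it strips the access flags from the page, lets the fault occur, records the hit and restores the flags so the faulting instruction can complete. The following C program is an added example, not part of the original page, showing that mechanism on a POSIX system using mprotect(2) and a SIGSEGV/SIGBUS handler (a Windows debugger would use VirtualProtect with PAGE_GUARD or PAGE_NOACCESS instead). The page buffer, the byte offset 16 and the value 0xAB are constructed for the demonstration.

```c
/* Memory breakpoint by removing page access flags (added example, POSIX-only).
 * Assumptions: Linux or another POSIX system with mprotect(2), sigaction(2)
 * with SA_SIGINFO, and MAP_ANONYMOUS. Watch page, offset and value are made up. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static volatile sig_atomic_t g_hits;      /* number of trapped accesses */
static volatile uintptr_t g_watched_page; /* page whose access flags we removed */
static size_t g_page_size;

/* Fault handler: if the faulting address lies in the watched page, count the
 * hit and restore read/write so the instruction re-executes and succeeds. */
static void on_fault(int sig, siginfo_t *si, void *ctx) {
    (void)ctx;
    uintptr_t fault = (uintptr_t)si->si_addr;
    uintptr_t page = g_watched_page;
    if (page && fault >= page && fault < page + g_page_size) {
        g_hits++;
        mprotect((void *)page, g_page_size, PROT_READ | PROT_WRITE);
        return;
    }
    /* Not our breakpoint: fall back to default handling so a real crash still crashes. */
    signal(sig, SIG_DFL);
}

static int install_fault_handler(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, NULL) != 0) return -1;
    return sigaction(SIGBUS, &sa, NULL);   /* macOS reports these faults as SIGBUS */
}

/* Arm the breakpoint: any read or write to `page` now faults. */
static int set_memory_breakpoint(void *page) {
    g_watched_page = (uintptr_t)page;
    return mprotect(page, g_page_size, PROT_NONE);
}

/* Demo: arm a breakpoint on one page, touch it twice, and report whether exactly
 * one trap fired and the write still landed. Returns 1 on success, 0 if the
 * behaviour was not as expected, -1 on a setup error. */
int memory_breakpoint_demo(void) {
    g_page_size = (size_t)sysconf(_SC_PAGESIZE);
    void *page = mmap(NULL, g_page_size, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    if (install_fault_handler() != 0) return -1;
    g_hits = 0;
    if (set_memory_breakpoint(page) != 0) return -1;

    volatile unsigned char *p = (volatile unsigned char *)page;
    p[16] = 0xAB;              /* first access traps; handler re-enables the page */
    unsigned char v = p[16];   /* second access runs without a trap */
    int hits = (int)g_hits;

    g_watched_page = 0;
    munmap(page, g_page_size);
    return (hits == 1 && v == 0xAB) ? 1 : 0;
}

int main(void) {
    int r = memory_breakpoint_demo();
    printf("memory breakpoint demo: %s\n", r == 1 ? "trap fired once, write landed" : "unexpected");
    return r == 1 ? 0 : 1;
}
```

The check a practitioner wants here is the address filter in the handler: without it, every unrelated fault in the process would be swallowed and retried forever. Note also that the breakpoint is one-shot as written; a debugger re-arms it after single-stepping the faulting instruction, which this example does not do.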
Inserting junk code instructions
Employing polarization techniques
Making use of "tricky" jump instructions
Detecting the presence of a debugger
Employing fast-flux DNS techniques
Embedding an imports table in the malicious executable
Targeting client-side vulnerabilities
Packing the malicious executable
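"Detecting the presence of a debugger" in the list above is the one anti-analysis option that is simple enough to show end to end. The following C program is an added example, not code from the original page, implementing two common Linux checks: reading the TracerPid field of /proc/self/status, and calling ptrace(PTRACE_TRACEME), which fails with EPERM when another process is already tracing us. The status-file text passed to the parser in the test is constructed, not captured from a real process.

```c
/* Linux debugger-presence checks (added example).
 * Assumptions: Linux with procfs mounted at /proc and sys/ptrace.h available.
 * The ptrace check is guarded with __linux__ because other systems use different constants. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef __linux__
#include <sys/ptrace.h>
#endif

/* Parse the TracerPid value out of /proc/<pid>/status text.
 * Returns the tracer's pid (0 = not traced) or -1 if the field is missing.
 * Split out so it can be exercised on constructed input. */
int parse_tracer_pid(const char *status_text) {
    const char *p = strstr(status_text, "TracerPid:");
    if (!p) return -1;
    return atoi(p + strlen("TracerPid:"));  /* atoi skips the tab after the colon */
}

/* Check 1: ask the kernel who is tracing this process. */
int tracer_pid(void) {
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_tracer_pid(buf);
}

/* Check 2: a process can only have one tracer, so PTRACE_TRACEME fails with
 * EPERM if a debugger is already attached. Returns 1 if traced, 0 if not,
 * -1 if the call failed for another reason (for example a seccomp policy that
 * forbids ptrace). Caveat: this call is a side effect, not just a probe; after
 * it succeeds no debugger can attach later. */
int ptrace_self_check(void) {
#ifdef __linux__
    if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) == -1)
        return errno == EPERM ? 1 : -1;
    return 0;
#else
    return -1;
#endif
}

int main(void) {
    int tp = tracer_pid();
    printf("TracerPid: %d -> %s\n", tp, tp > 0 ? "debugger present" : "no tracer seen");
    int pt = ptrace_self_check();
    printf("PTRACE_TRACEME: %s\n", pt == 1 ? "already traced" : pt == 0 ? "not traced" : "inconclusive");
    return 0;
}
```

Both checks are routinely defeated from the analyst's side: gdb can be scripted to make ptrace return 0, and an analyst can patch the conditional jump after the check, which is exactly the "modify a compiled executable without recompiling" technique listed earlier on this page. Treat a positive result as a hint, not proof, and never rely on the ptrace check in code that might legitimately be debugged later.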
Point of Origin
Thread Origination Point