Binary Padding
Veramine edited this page Apr 21, 2017 · 1 revision
Some security tools inspect files with static signatures to determine whether they are known to be malicious. Adversaries may add data to files to increase their size beyond what security tools are capable of handling, or to change the file hash to avoid hash-based blacklists. You can read more about this attacker technique at https://attack.mitre.org/wiki/Technique/T1009.
The majority of the Veramine detection algorithms rely on the behavior of the process or user being evaluated. At the moment, every binary is evaluated by a rudimentary binary analysis pipeline, including scanning by anti-malware products, but the primary detection value of our product is in behavioral analysis, not static analysis.
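
An added example (not Veramine's code, and not a description of its pipeline): a defender-side check showing why a whole-file hash changes under the padding described above, while a hash over only the bytes covered by the PE headers and section table stays the same. The function names and the constructed sample file are assumptions made for illustration.

```python
import hashlib
import struct

def pe_mapped_end(data: bytes) -> int:
    """File offset where the headers and section raw data end."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE file")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)       # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (num_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                          # first section header
    end = table + 40 * num_sections
    for i in range(num_sections):
        # SizeOfRawData and PointerToRawData sit at offsets 16 and 20
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    return min(end, len(data))

def padding_report(data: bytes) -> dict:
    """Compare the whole-file hash with a hash that ignores appended bytes."""
    end = pe_mapped_end(data)
    overlay = data[end:]
    return {
        "file_sha256": hashlib.sha256(data).hexdigest(),
        "core_sha256": hashlib.sha256(data[:end]).hexdigest(),
        "overlay_bytes": len(overlay),
        # a single repeated byte value suggests filler rather than a signature or archive
        "single_byte_fill": bool(overlay) and overlay.count(overlay[:1]) == len(overlay),
    }

def build_sample_pe() -> bytes:
    """Constructed, non-loadable PE-shaped file: headers plus one 512-byte section."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = struct.pack("<8sIIIIIIHHI", b".text", 512, 0x1000, 512, 512,
                       0, 0, 0, 0, 0x60000020)
    return (dos + b"PE\0\0" + coff + sect).ljust(512, b"\0") + b"\xCC" * 512

if __name__ == "__main__":
    clean = build_sample_pe()
    padded = clean + b"\0" * 4096          # same code, different whole-file hash
    for name, blob in (("clean", clean), ("padded", padded)):
        print(name, padding_report(blob))
```

Data past the last section is not malicious by itself: Authenticode signatures and installer payloads are also stored there, so the overlay fields are triage signals rather than verdicts.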