Malicious Streams

Reverse Engineering

Simple Method For Defeating Automated Analysis Tools

When analyzing a recent sample of koobface, I came across the following snippet.



At first glance it was easy to see that the names of some very common libraries/functions were split across multiple strings, followed by an indirect call to LoadLibrary. This is simple to spot by manual inspection, but most automated tools would blow past it without identifying the library or function being resolved. A simple but effective anti-analysis technique.
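One way to catch this from the analyst's side is to scan the extracted strings for short fragments that, joined in order, spell a known library or API name. The script below is an added example written for this post, not code from the sample or from any tool; the fragment list is constructed input and the name list is a small placeholder, not a complete catalogue.

```python
"""Detect library/API names split across adjacent string fragments.

Added example, not from the original post. It mimics the Koobface trick
described above: a name such as "LoadLibraryA" is stored as several short
strings and concatenated at runtime, so a plain strings scan never sees it
whole. SAMPLE_STRINGS is constructed input in the order a strings extractor
would emit it; KNOWN_NAMES is a placeholder list, extend it as needed.
"""

SAMPLE_STRINGS = ["Lo", "adLi", "braryA", "kern", "el32.dll", "hello",
                  "GetP", "rocAddre", "ss", "world"]

KNOWN_NAMES = {"LoadLibraryA", "kernel32.dll", "GetProcAddress", "VirtualAlloc"}


def find_split_names(strings, known=KNOWN_NAMES, max_parts=6):
    """Return (name, start_index, part_count) for every known name that is
    formed by concatenating 2..max_parts consecutive fragments.

    Single-fragment matches are deliberately excluded: those are the ones
    ordinary tools already report. Matching is case-insensitive because
    DLL names are often written in mixed case.
    """
    lower_known = {k.lower(): k for k in known}
    hits = []
    for i in range(len(strings)):
        joined = ""
        for j in range(i, min(i + max_parts, len(strings))):
            joined += strings[j]
            parts = j - i + 1
            key = joined.lower()
            if parts >= 2 and key in lower_known:
                hits.append((lower_known[key], i, parts))
                break
            # Stop early once the running concatenation can no longer be
            # the prefix of any known name.
            if not any(k.startswith(key) for k in lower_known):
                break
    return hits


if __name__ == "__main__":
    for name, start, parts in find_split_names(SAMPLE_STRINGS):
        print(f"{name!r} assembled from {parts} fragments starting at index {start}")
```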