Reply to thread

Message

<blockquote data-quote="Trident" data-source="post: 1096352" data-attributes="member: 99014">Time-based malware can potentially fool dynamic analysis (where portions of the file are executed in memory), or full blown emulation, where the whole file is executed and monitored.Although vendors take care to “trick” the malware and perform the so called push-forward emulation, some attackers may be more clever than others. For example, instead of checking the local system time, they can query a server.Time-based tactics don’t affect other detection technologies.Whether or not the malware will be detected would ultimately depend on what other tactics the malware authors have employed, such as packaging.Certain products also use much more aggressive heuristics on files originating from the web and/or age + popularity (reputation heuristics). Some products use aggressive yara rules and/or memory content checks, where evasion tactics may be detected. There are loads of variables.</blockquote>

[QUOTE="Trident, post: 1096352, member: 99014"] Time-based malware can potentially fool dynamic analysis (where portions of the file are executed in memory), or full blown emulation, where the whole file is executed and monitored. Although vendors take care to “trick” the malware and perform the so called push-forward emulation, some attackers may be more clever than others. For example, instead of checking the local system time, they can query a server. Time-based tactics don’t affect other detection technologies. Whether or not the malware will be detected would ultimately depend on what other tactics the malware authors have employed, such as packaging. Certain products also use much more aggressive heuristics on files originating from the web and/or age + popularity (reputation heuristics). Some products use aggressive yara rules and/or memory content checks, where evasion tactics may be detected. There are loads of variables. [/QUOTE]

Verification