Solarquest

In the case of the MBR/VBR, I'm just not sure if an HD backup made with a program that also backs up the MBR would be enough, i.e. whether it really copies the whole MBR or just parts of it/the partition info... Anybody know this? ;)

vemn

I still don't understand what you mean, but I will try to guess...

1. AV software incorporates both static and dynamic identification methods usually; static analysis can include checksum hash detection and the static heuristics (generic detection through bytes in the PE compared to a database for byte detection, scanning of the Import Address Table, checking the PE File Header for suspicious characteristics, etc.), whereas the dynamic analysis can include logging the behavior of the running sample to catch out suspicious/malicious behavior to help it determine whether it should block the sample or not.

Static = without execution (so on disk "as-is")
Dynamic = during execution

2. AV software can detect if a program is going to check for signs of a virtual environment through byte detection, as long as the sample is naked (e.g. no packing/obfuscation; otherwise that would be bypassed). However, this would cause FPs, since some genuine software does this too. It can also do it dynamically, although it seems the vendors don't bother checking this dynamically...

Maybe that helped?
Always impressed with your knowledge.
Thumbs up!
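To make the byte-detection, "naked sample" and false-positive points above concrete, here is a small static scanner. It is an added example, not code from this thread or from any AV product; the indicator strings, the entropy threshold and the sample buffers are all hypothetical/constructed.

```python
import math
from collections import Counter

# Hypothetical indicator table: byte patterns a static engine might associate
# with virtual-environment probing. Not any vendor's real signature set.
VM_PROBE_INDICATORS = {
    b"VMware": "VMware vendor string",
    b"VBoxGuest": "VirtualBox guest driver name",
    b"SbieDll.dll": "Sandboxie DLL name",
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte. Close to 8.0 over a whole buffer suggests packing or
    encryption, i.e. the sample is not 'naked' and byte matching is blind."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def static_scan(sample: bytes, entropy_threshold: float = 7.2) -> dict:
    """Static (on-disk, no execution) pass: byte matching plus a packed check."""
    hits = [desc for pat, desc in VM_PROBE_INDICATORS.items() if pat in sample]
    ent = shannon_entropy(sample)
    if hits:
        # Matches are only a hint: genuine guest tools carry the same strings,
        # so this verdict must be confirmed dynamically before blocking.
        verdict = "vm-probe-indicators"
    elif ent >= entropy_threshold:
        # Nothing matched, but the bytes look packed/encrypted: static analysis
        # cannot see inside, so route the sample to dynamic analysis instead.
        verdict = "opaque-needs-dynamic"
    else:
        verdict = "clean-static"
    return {"hits": hits, "entropy": round(ent, 2), "verdict": verdict}

# Constructed samples (not real files): a naked sample with probe strings,
# a legitimate guest tool that trips the same byte rule (the FP case), and a
# uniform high-entropy blob standing in for a packed binary.
NAKED_SAMPLE = b"MZ\x90\x00" + b"check VMware\x00 load SbieDll.dll\x00" * 4
LEGIT_GUEST_TOOL = b"MZ\x90\x00" + b"VBoxGuest additions installer\x00" * 4
PACKED_SAMPLE = bytes(range(256)) * 16

if __name__ == "__main__":
    for name, buf in [("naked", NAKED_SAMPLE), ("legit", LEGIT_GUEST_TOOL),
                      ("packed", PACKED_SAMPLE)]:
        print(name, static_scan(buf))
```

The legit sample getting the same verdict as the naked one is the false-positive problem the post mentions; the packed sample shows why an engine needs the dynamic side as well.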