Investigation of a new undocumented instruction trick – Microsoft Malware Protection Center – Site Home – TechNet Blogs

While investigating some new malware samples this week, we came across a few interesting files that use a new trick with an undocumented instruction. We had to do a bit of digging around the Intel instructions list to solve this little mystery. While it turned out that the trick itself isn’t effective in complicating debugging and disassembly, we think it’s worth sharing anyway, as we’re now seeing three different malware variants using it.

via Investigation of a new undocumented instruction trick – Microsoft Malware Protection Center – Site Home – TechNet Blogs.
