{"id":1312,"date":"2015-08-19T09:11:12","date_gmt":"2015-08-19T01:11:12","guid":{"rendered":"http:\/\/staging.bankvaultonline.com\/?p=1312"},"modified":"2015-08-19T09:11:12","modified_gmt":"2015-08-19T01:11:12","slug":"viruses-polymorphic-code-2","status":"publish","type":"post","link":"https:\/\/www.bankvault.com\/viruses-polymorphic-code-2\/","title":{"rendered":"How Viruses Hide: Self Encryption"},"content":{"rendered":"

Viruses encrypt themselves to avoid signature detection in 3 common ways<\/strong>.<\/p>\n

The first is an older, very small-footprint type of encryption that uses the XOR cipher<\/strong>.<\/p>\n

An XOR cipher<\/strong> is a simple form of encoding that encrypts the input by using a simple key that is XORed against the input to create an output. It\u2019s a simple and fast way of encoding that doesn\u2019t require its own, separate algorithm to decipher it. A virus maker might XOR each byte in a virus with some sort of constant value so that the same operation only has to be repeated to decrypt the virus. In this way the virus remains hidden but can be unpacked and used simply.<\/p>\n

A second way is a bit of a blunt instrument \u2013 the virus maker encrypts the entire body of the virus, leaving only the encrypted virus and a cryptographic key to decrypt it<\/strong>. This type of encryption would not trigger a virus signature scanner because the scanner couldn\u2019t identify the encrypted module as anything. But it might recognize the presence of the encryption key. Nowadays, with most antivirus software, this triggers an alarm within the antivirus system, causing it to quarantine the entire chunk of code, just to be safe. This method is rarely used today.<\/p>\n

A third way a virus uses encryption to avoid detection is within an executable file. Here, the virus has been encrypted and is hiding within an executable file, waiting for a defined set of actions to trigger it to decrypt itself and execute. This is known as cryptovirology<\/strong>. The most commonly used scenario of this type of virus encryption is having the latent virus wait until the computer has disabled its antivirus software \u2013 either manually or during an update. The encrypted virus identifies those situations, decrypts itself and infects the machine. As an added insult, a virus like this will also disable the antivirus software permanently.<\/p>\n

Next up: Polymorphic Code<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

Viruses encrypt themselves to avoid signature detection in 3 common ways. The first is an older and very small footprint type of encryption that uses the XOR cipher. A XOR cipher is a simple form of encoding that encrypts the input by a using a simple key that is XORed against the input to create […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[356],"tags":[137,444,23,445,446,447],"class_list":["post-1312","post","type-post","status-publish","format-standard","hentry","category-explainers","tag-antivirus","tag-cryptovirology","tag-cyber-security","tag-encrypted-executable","tag-xor-ciphers","tag-xoring"],"yoast_head":"\nHow Viruses Hide: Self Encryption - BankVault<\/title>\n<meta name=\"description\" content=\"A sneaky way that viruses hide themselves so they cannot be detected by antivirus software programs is through self-encryption.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.bankvault.com\/viruses-polymorphic-code-2\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How Viruses Hide: Self Encryption - BankVault\" \/>\n<meta property=\"og:description\" content=\"A sneaky way that viruses hide themselves so they cannot be detected by antivirus software programs is through self-encryption.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.bankvault.com\/viruses-polymorphic-code-2\/\" \/>\n<meta property=\"og:site_name\" content=\"BankVault\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/BankVaultOnline\/\" \/>\n<meta property=\"article:published_time\" content=\"2015-08-19T01:11:12+00:00\" \/>\n<meta name=\"author\" content=\"BankVault\" \/>\n<meta 
name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@bankvaultonline\" \/>\n<meta name=\"twitter:site\" content=\"@bankvaultonline\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"BankVault\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How Viruses Hide: Self Encryption - BankVault","description":"A sneaky way that viruses hide themselves so they cannot be detected by antivirus software programs is through self-encryption.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.bankvault.com\/viruses-polymorphic-code-2\/","og_locale":"en_US","og_type":"article","og_title":"How Viruses Hide: Self Encryption - BankVault","og_description":"A sneaky way that viruses hide themselves so they cannot be detected by antivirus software programs is through self-encryption.","og_url":"https:\/\/www.bankvault.com\/viruses-polymorphic-code-2\/","og_site_name":"BankVault","article_publisher":"https:\/\/www.facebook.com\/BankVaultOnline\/","article_published_time":"2015-08-19T01:11:12+00:00","author":"BankVault","twitter_card":"summary_large_image","twitter_creator":"@bankvaultonline","twitter_site":"@bankvaultonline","twitter_misc":{"Written by":"BankVault","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.bankvault.com\/viruses-polymorphic-code-2\/#article","isPartOf":{"@id":"https:\/\/www.bankvault.com\/viruses-polymorphic-code-2\/"},"author":{"name":"BankVault","@id":"https:\/\/www.bankvault.com\/#\/schema\/person\/76e0aa85d5ac5405b47c0760eb9ab639"},"headline":"How Viruses Hide: Self Encryption","datePublished":"2015-08-19T01:11:12+00:00","dateModified":"2015-08-19T01:11:12+00:00","mainEntityOfPage":{"@id":"https:\/\/www.bankvault.com\/viruses-polymorphic-code-2\/"},"wordCount":324,"commentCount":0,"publisher":{"@id":"https:\/\/www.bankvault.com\/#organization"},"keywords":["antivirus","cryptovirology","cyber security","encrypted executable","XOR ciphers","XORing"],"articleSection":["Explainers"],"inLanguage":"en-AU","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.bankvault.com\/viruses-polymorphic-code-2\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.bankvault.com\/viruses-polymorphic-code-2\/","url":"https:\/\/www.bankvault.com\/viruses-polymorphic-code-2\/","name":"How Viruses Hide: Self Encryption - BankVault","isPartOf":{"@id":"https:\/\/www.bankvault.com\/#website"},"datePublished":"2015-08-19T01:11:12+00:00","dateModified":"2015-08-19T01:11:12+00:00","description":"A sneaky way that viruses hide themselves so they cannot be detected by antivirus software programs is through self-encryption.","breadcrumb":{"@id":"https:\/\/www.bankvault.com\/viruses-polymorphic-code-2\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.bankvault.com\/viruses-polymorphic-code-2\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.bankvault.com\/viruses-polymorphic-code-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.bankvault.com\/"},{"@type":"ListItem","position":2,"name":"How Viruses Hide: Self 
Encryption"}]},{"@type":"WebSite","@id":"https:\/\/www.bankvault.com\/#website","url":"https:\/\/www.bankvault.com\/","name":"BankVault","description":"cybersecurity","publisher":{"@id":"https:\/\/www.bankvault.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.bankvault.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-AU"},{"@type":"Organization","@id":"https:\/\/www.bankvault.com\/#organization","name":"BankVault","url":"https:\/\/www.bankvault.com\/","logo":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.bankvault.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.bankvault.com\/wp-content\/uploads\/2018\/11\/BankVault-Logo-Light.png","contentUrl":"https:\/\/www.bankvault.com\/wp-content\/uploads\/2018\/11\/BankVault-Logo-Light.png","width":1212,"height":275,"caption":"BankVault"},"image":{"@id":"https:\/\/www.bankvault.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/BankVaultOnline\/","https:\/\/x.com\/bankvaultonline"]},{"@type":"Person","@id":"https:\/\/www.bankvault.com\/#\/schema\/person\/76e0aa85d5ac5405b47c0760eb9ab639","name":"BankVault","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.bankvault.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/?s=96&d=mm&r=g","caption":"BankVault"},"url":"https:\/\/www.bankvault.com\/author\/bankvault\/"}]}},"_links":{"self":[{"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/posts\/1312","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/users\/2"}],"replies":
[{"embeddable":true,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/comments?post=1312"}],"version-history":[{"count":0,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/posts\/1312\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/media?parent=1312"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/categories?post=1312"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.bankvault.com\/wp-json\/wp\/v2\/tags?post=1312"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}