Malware authors often use simple encoding techniques, because it is just enough to obscure the data, but sometimes, attackers also use encryption. To identify the use of cryptographic functionality in the binary, you can look for cryptographic indicators (signatures) such as:
- Strings or imports that reference cryptographic functions
- Cryptographic constants
- Unique sequences of instructions used by cryptographic routines