Security operations center (SOC)
Service provider interfaces (SPIs)
Signature-driven detection
Single element/reference point
Static analysis
  behavior-based detection
  code signer information
  dynamic analysis, feeder
  file formats
  filename/extension faking
  file type/file extension mismatch
  hash generation
  infection context
  Internet, blogs and analysis reports
  properties
  setup/environment
  strings
  techniques
  thumbnail faking
  version information/details
  VirusTotal
  YARA
Static binary instrumentation
Stealth
  code injection
  feature
  filename/extension faking
  file properties/permissions
    APIMiner tool
    methods
    ProcMon
    SetFileAttributes API
  hiding process window
  kernel component
  psycholinguistic technique
  stealing system file names
  thumbnail faking
String analysis
  BinText
  dynamic observation
  file type
  PEiD
  static observation
  version information/details
System service descriptor table (SSDT)
  API hooking
  APIMiner tool
  GMER tool
  inline hooking
  service functions
  structure