Historically, the majority of traditional AV solutions have relied on static signatures to identify known malware. As a result, malware authors naturally started employing a range of tools to obfuscate the underlying code of their software in order to avoid such signature based detection and to hinder (human) static analysis.
These obfuscation tools have proliferated over the past years, with numerous commercial offerings available as even legitimate software authors look to at least hinder the reverse-engineering of their products. While the methods and results vary, the ultimate intention is now usually to make the code discouragingly hard to read (as opposed to the original design intent behind traditional packers which was to decrease the file-size of an executable).
This series of blog posts will look at a range of techniques commonly used to avoid detection by antivirus products and the ready availability of these tools.