How Malwares use Dynamic API loading to bypass signature based Static Scanning
What is "Dynamic API loading"? Legal usage : Dynamic loading is a mechanism by which a computer program can, at run time, load a library (or other binary) into memory. more here > https://en.wikipedia.org/wiki/Dynamic_loading#cite_note-autobook-1 Illegal usage : It is an antivirus bypassing technique used by malware to bypass static scanning and analysis by hiding the names of libraries and APIs they are using to hide their functionality. Implementation stages : 1- Encrypting the names of libraries and APIs. 2- storing encrypted names in the executable. 3- Calling an API called "LoadLibraryA" to load the library he wants to APIs from. 4- Decrypting those names to be valid arguments. 5- Calling an API called "GetProcAddress" to load the API he wants to use. Step by step explanation: 1- Encrypting the names of libraries and APIs: In this stage, the malware author writes a program to implement an encryption algorithm taking a name a