Using Base64 for Malware Obfuscation - Security Boulevard

Using Base64 for Malware Obfuscation

What is Malware – Malware stands for malicious software, and software, in simple terms, is a program written in any programming language. A malicious program intentionally written to damage a computer or server, or to gain unauthorized access to a system, is therefore called malware.

What is Obfuscation – Obfuscation is the most commonly used technique for concealing the original code written by the programmer: it makes the executable code difficult to read and understand while preserving the functionality of the written code.

Malware obfuscation techniques – Malware writers use many obfuscation techniques, such as Base64, Exclusive OR (XOR), ROT13, dead code insertion, instruction changes, packers, etc.

In this post, we will focus on the Base64 obfuscation technique.

Base64 Obfuscation –

Base64 is a simple malware obfuscation technique. Base64 encoding is used because it makes it possible to encode binary data in ASCII string format. Attackers therefore encode data in Base64 format and send it over the HTTP protocol. Base64 allows only 64 characters for encoding, hence the name. The characters are –

ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=

“=” is used for padding.

Base64 Encoding Method – Refer to the Base64 table below to convert normal strings to Base64 encoding. As per the table, 0 corresponds to the letter ‘A’, 45 corresponds to the letter ‘t’, 63 corresponds to ‘/’, and so on.

Char.  Dec.    Char.  Dec.    Char.  Dec.
A      0       W      22      s      44
B      1       X      23      t      45
C      2       Y      24      u      46
D      3       Z      25      v      47
E      4       a      26      w      48
F      5       b      27      x      49
G      6       c      28      y      50
H      7       d      29
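
To make the table and the HTTP point above concrete, here is an added example (not code from the original post): a hand-written encoder that maps each 6-bit value through the 64-character alphabet, and a defender-side helper that finds and decodes Base64 runs in an HTTP body. The function names, the 16-character minimum run length and the sample body are assumptions chosen for illustration.

```python
import base64
import re

# The 64-character alphabet from the article; "=" is padding only.
ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
            "abcdefghijklmnopqrstuvwxyz0123456789+/")

def b64_encode(data: bytes) -> str:
    """Hand-rolled encoder: 3 bytes -> 24 bits -> four 6-bit table indexes."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        n = int.from_bytes(chunk.ljust(3, b"\0"), "big")
        idx = [(n >> shift) & 0x3F for shift in (18, 12, 6, 0)]
        keep = len(chunk) + 1  # 1 byte -> 2 chars, 2 -> 3, 3 -> 4
        out.append("".join(ALPHABET[j] for j in idx[:keep]) + "=" * (4 - keep))
    return "".join(out)

# Candidate: at least 16 alphabet characters in groups of 4, optional padded tail.
CANDIDATE = re.compile(
    r"(?:[A-Za-z0-9+/]{4}){4,}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?")

def find_encoded_blobs(http_body: str) -> list:
    """Decode every Base64-looking run found in an HTTP body."""
    blobs = []
    for match in CANDIDATE.finditer(http_body):
        try:
            blobs.append(base64.b64decode(match.group(0), validate=True))
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
    return blobs

def is_binary(blob: bytes) -> bool:
    """True when the decoded bytes are not plain printable ASCII text."""
    return any(b > 126 or (b < 32 and b not in (9, 10, 13)) for b in blob)

# Constructed sample: 20 arbitrary bytes carried in a JSON request body.
SAMPLE_PAYLOAD = bytes([0x00, 0x01, 0x02, 0xFF]) * 5
SAMPLE_BODY = '{"id": 42, "data": "' + b64_encode(SAMPLE_PAYLOAD) + '"}'

if __name__ == "__main__":
    for blob in find_encoded_blobs(SAMPLE_BODY):
        print(len(blob), "bytes, binary:", is_binary(blob), blob.hex())
```

Long alphanumeric tokens also match the pattern, so treat a hit as a lead to triage (for example with `is_binary`) rather than as proof of obfuscation.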

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Nitesh Malviya. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/Y934GPPghwM/