Module Obfuscation

This section outlines the obfuscation settings that are applied to the entire module.

Import Obfuscation

Removes all imports from the binary file and resolves them at runtime. This prevents static analysis tools from uncovering your imports automatically. This is currently only implimented for usermode PE files.

Note: Kernel mode import protection features will come in the near future

Before Import Protection — *Before import protection is applied all imports can be viewed.*

After Import Protection — *After import protection is applied, there are no imports.*

Anti Debug (Windows 10)

Prevent debuggers from attaching to your program. Breaks most modern debuggers but requires that the program executes on a Windows 10 or newer system.

Note: more anti debug features will come in the near future

Fake Entry Point

Obscure the entry point by using exception based control flow obfuscation. This breaks unicorn-engine based PE emulators that do not properly support structured exception handling.

Note: more anti emulation techniques will come in the near future

Import Obfuscation​

Anti Debug (Windows 10)​

Fake Entry Point​

Import Obfuscation

Anti Debug (Windows 10)

Fake Entry Point