This content is open to everyone — sign in to save your progress, earn points, and unlock module exams.
Topic 6.6 of Examining Self-Defending Malware
Stolen bytes, nanomites, PE header erasure, guard page anti-dumping, the six-step anticipatory unpacking methodology, packer reference table, and Process Doppelgänging and Process Ghosting.
By the end of this topic, you will
Quadrant 1 · e-Tutorial
Quadrant 2 · e-Content
Quadrant 3 · Web Resources
Downloadable reference material
External links
REMA eBook 2026 — Chapter 6, Advanced Unpacking
Full stolen bytes diagram, nanomite mechanism, and anticipatory unpacking methodology in the REMA eBook Chapter 6.
hasherezade — PE-sieve: Automated Injection and Packing Detector
Scans running processes for injected code, hollowed modules, and anomalous PE regions. Dumps suspicious regions automatically.
MITRE ATT&CK — Process Doppelgänging (T1055.013)
ATT&CK entry for Process Doppelgänging with detection guidance and real-world examples.
Quadrant 4 · Self-Assessment
Examining Self-Defending Malware
Covers anti-debugging techniques, virtual machine and sandbox detection, protection of embedded data, code misdirection, and advanced unpacking methodologies.
REMA Complete Assessment
A comprehensive 120-question assessment covering the entire Reverse Engineering and Malware Analysis curriculum: malware taxonomy and reverse engineering fundamentals, static and dynamic analysis, reversing malicious code, malicious web and document files, in-depth analysis of packed and fileless malware, and self-defending malware techniques.