Skip to content

Commit

Permalink
add packed-with-nmm-protect (#940)
Browse files Browse the repository at this point in the history
* add packed-with-nmm-protect

* nmm-protect: add os and description
  • Loading branch information
williballenthin authored Sep 30, 2024
1 parent 109890c commit 896d912
Showing 1 changed file with 24 additions and 0 deletions.
24 changes: 24 additions & 0 deletions anti-analysis/packer/nmm-protect/packed-with-nmm-protect.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
rule:
meta:
name: packed with nmm-protect
namespace: anti-analysis/packer/nmm-protect
authors:
- [email protected]
description: nmm-protect is a virtualizing packer, like VMProtect, that protects Android applications
scopes:
static: file
dynamic: file
att&ck:
- Defense Evasion::Obfuscated Files or Information::Software Packing [T1027.002]
mbc:
- Anti-Static Analysis::Software Packing::VMProtect [F0001.010]
references:
- https://github.com/maoabc/nmmp#nmm-protect
examples:
- e5e8c139772efe47f738f4788ae9b3dc97960b1c006bc6a406715cab69f27cfc
features:
- and:
- os: android
- string: "vmInterpret"
- string: "cacheInitial"
- string: "getCacheClass"

0 comments on commit 896d912

Please sign in to comment.