Parent-based Powershell Script Fusion Technology

Abstract

To address the characteristics of traditional obfuscation methods such as single approach and obvious features, a Parent-based Powershell Script Fusion Technology is proposed based on code fusion. This technology uses the target script to undergo slice encryption processing, and in-depth fusion with the parent script in the execution logic and execution flow, and uses the parent script to conceal the behavior characteristics of the target script. A number of Powershell scripts commonly used for infiltration are selected as the test set to test the proposed technique. The test results show that the proposed technique can reduce the detection rate of the antivirus engine for the target script and has a greater advantage in anti-static analysis.