
Comment by p-e-w

2 years ago

Unless they are statically linked.

Or the binary uses executable compression.

Or obfuscated dynamic loading.

Or about a million other techniques that can thwart dependency analysis, and which have been well-known for decades.

And the presence of those things is basically the first thing any malware heuristic looks at. Why are you so emphatically stating them as if they are news?

  • I think they were just examples of how simply looking at imports isn't good enough, and it's true. On the plus side, by hitting HN there are more eyes on it and hopefully more consensus on how safe/interesting this is.
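
An added example, not written by anyone in this thread: a minimal triage check for two of the cases named above, static linking and executable compression, which flags an ELF whose import listing should not be trusted. It assumes ELF64 little-endian input; the 7.0 bits/byte entropy threshold, the function names and the constructed sample builder are illustrative assumptions, and obfuscated dynamic loading is not covered.

```python
import math
import struct
from collections import Counter

PT_LOAD, PT_DYNAMIC, PF_X = 1, 2, 1
EHDR, PHDR = "<16sHHIQQQIHHHHHH", "<IIQQQQQQ"  # ELF64 little-endian layouts
ENTROPY_LIMIT = 7.0  # bits/byte; assumed threshold, tune on your own corpus

def entropy(buf):
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())

def triage_elf(data):
    """Return the set of reasons an import listing of this ELF is unreliable."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4:6] != b"\x02\x01":
        raise ValueError("only ELF64 little-endian is handled here")
    hdr = struct.unpack_from(EHDR, data)
    phoff, phentsize, phnum = hdr[5], hdr[9], hdr[10]
    flags, types = set(), set()
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + struct.calcsize(PHDR) > len(data):
            flags.add("truncated-program-headers")
            break
        p_type, p_flags, p_off, _, _, p_filesz, _, _ = struct.unpack_from(PHDR, data, off)
        types.add(p_type)
        if p_type == PT_LOAD and p_flags & PF_X:
            if entropy(data[p_off:p_off + p_filesz]) > ENTROPY_LIMIT:
                flags.add("high-entropy-code")  # consistent with packing/encryption
    if PT_DYNAMIC not in types:
        flags.add("no-dynamic-segment")  # static link, or loader hides imports
    return flags

def build_sample(seg_types, code):
    """Constructed minimal ELF64 image: header, program headers, one code blob."""
    code_off = 64 + 56 * len(seg_types)
    ehdr = struct.pack(EHDR, b"\x7fELF\x02\x01\x01" + bytes(9), 2, 62, 1,
                       0x400000, 64, 0, 0, 64, 56, len(seg_types), 0, 0, 0)
    phdrs = b"".join(
        struct.pack(PHDR, t, PF_X if t == PT_LOAD else 0,
                    code_off, 0, 0, len(code), len(code), 0)
        for t in seg_types)
    return ehdr + phdrs + code

if __name__ == "__main__":
    packed_like = bytes(range(256)) * 16  # constructed stand-in for compressed code
    print(sorted(triage_elf(build_sample([PT_LOAD], packed_like))))
```

An empty result only means these two heuristics did not fire; it does not make the import table a complete dependency list.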