I had a program here that I wanted to analyze. The program has a random header all the time, but the process name has the same name all the time.
Now my first question is, why do that?
This is how the headers text may look like: bD^3]~2C.ëO.á.@
Not exactly as that, but a style of how it may look like.
The format is like this: xxxxx~xCxxxxá.@
x = random everytime I start the .exe, all other is always the same.
alyways ends with á.@
6th character is always ~
8th characteris always a "weird" C (C from a other alphabet)
11th character is always a box () those letter boxes in utf-8 format or something that you usually can find in .dll files.
and 15 characters all the time.
So what's the point of having a random header, I've asked some other programmers and they said it can be a checksum, well why would you then debug a checksum in a header?