Uninformed: Informative Information for the Uninformed

Vol 9 » 2008.Jan


Decoder Stub

The decoder stub is a small chunk of instructions that is prepended to the encoded payload. When this new payload is executed on the target system, the decoder stub executes first and is responsible for decoding the original payload data. Once the original payload data is decoded, the decoder stub passes execution to the original payload. Decoder stubs generally perform a reversal of the encoding function, or in the case of an XOR obfuscation encoding, simply perform the XOR again against the same key value.
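
Because the XOR decode is the same operation as the encode, an analyst holding an encoded buffer can recover the key from a fragment of plaintext expected in the decoded data. The Python sketch below is an added example, not code from the original article; the sample buffer, the 4-byte key and the `http://` fragment are constructed, and the key length is assumed to be known.

```python
from itertools import cycle


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data against a repeating key.

    XOR is its own inverse, so the same call both encodes and decodes.
    """
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(encoded: bytes, crib: bytes, key_len: int):
    """Known-plaintext key recovery for analysis of an XOR-encoded buffer.

    Slides `crib` (a fragment expected in the decoded data) across the
    buffer. At each offset, encoded XOR crib gives a candidate keystream,
    which is accepted only if it repeats with period `key_len`.
    Returns (offset, key) for the first consistent offset, or None.
    """
    if len(crib) <= key_len:
        raise ValueError("crib must be longer than the key to be checkable")
    for off in range(len(encoded) - len(crib) + 1):
        stream = xor_bytes(encoded[off:off + len(crib)], crib)
        if all(stream[j] == stream[j + key_len]
               for j in range(len(crib) - key_len)):
            # Rotate the keystream so that key[0] lines up with buffer offset 0.
            key = bytearray(key_len)
            for j in range(key_len):
                key[(off + j) % key_len] = stream[j]
            return off, bytes(key)
    return None


# Constructed, benign sample data (not taken from the article).
PLAIN = b"constructed sample payload: fetch http://example.invalid/stage and run it"
KEY = bytes.fromhex("a53c9e17")   # constructed 4-byte key
ENCODED = xor_bytes(PLAIN, KEY)   # what would sit behind a decoder stub

if __name__ == "__main__":
    # Applying the same XOR again restores the original bytes.
    assert xor_bytes(ENCODED, KEY) == PLAIN
    found = recover_key(ENCODED, b"http://", key_len=4)
    print("recovered:", found)
    if found:
        print(xor_bytes(ENCODED, found[1]).decode())
```

The periodicity check is what keeps false matches down: with a 7-byte fragment and a 4-byte key, three keystream bytes must repeat before an offset is accepted.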