The key is not the timing. Usually, the timing doesn't play a major role in the following analyses. A good hint might be understanding when the payload gets detected.
Try to make some borderline programs: some that you think will trigger the red flag and some, doing similar things, that won't trigger it. After this, you should start to see a pattern.
If you were an antivirus programmer, what would you check for?