Re: Placebo (not the "band")
If we're talking about oo7, then de-obfuscation is not needed. The purpose of oo7 is to protect vulnerable but naturally benign software from being exploited via the Spector vector. Moreover, oo7 fixes the code on the source level. Only the detection is performed on the binary level. But still, the binary is obtained from the source code.
P.S. with all these said, oo7, at least the detector is still quite robust to obfuscation, as it uses the Microexecution underneath the hood, thus all jump targets are computed. Of course, it is still possible to beat it using different anti-emulation techniques. But this battle will never end, you know.
Biting the hand that feeds IT
