
What is De-obfuscating Malware

One of the most important features of modern malware is obfuscation. Obfuscation is the process of changing something so as to hide its main purpose. In the case of malware, it is used to make automated analysis nearly impossible and to frustrate manual analysis to the maximum extent possible. There are two basic ways to deal with obfuscation. The first is to simply ignore it, in which case your only real option for understanding the nature of a piece of malware is to observe its behavior in a carefully instrumented environment, as detailed in the previous chapter.

The second way to deal with it is to take steps to remove it and reveal the original, “de-obfuscated” program, which can then be analyzed using traditional tools such as disassemblers and debuggers. Of course, malware authors understand that analysts will attempt to break through any obfuscation, and as a result they design it with features intended to make de-obfuscation difficult. It can never be made truly impossible, since the program must ultimately run on its target CPU; it will always be possible to observe the sequence of instructions that execute using some combination of hardware and software tools. In all likelihood, the author’s goal is simply to make analysis sufficiently difficult that a window of opportunity is opened in which the malware can operate without detection.