Malware can be built using compiler flags and settings that produce object files that are harder to analyze.
These flags can be an easy addition to malware projects by simply tweaking settings in an IDE or editing a Makefile.
A basic example of this is omitting the -g flag when building projects using gcc. This instructs the compiler not to include debugging information that makes debugging easier, thus making it harder to analyze.