DocumentCode :
1572622
Title :
Static Analysis of the Disassembly against Malicious Code Obfuscated with Conditional Jumps
Author :
Dai, Chao ; Pang, Jianmin ; Zhao, Rongcai ; Ma, Xiaojun
Author_Institution :
Nat. Digital Switching Syst. Eng. & Technol. Res. Center of China, Beijing
fYear :
2008
Firstpage :
525
Lastpage :
530
Abstract :
With the application of information technology and networks, malicious code has become a main threat to computer security. In order to avoid being analyzed statically, malicious code resorts to various obfuscation techniques to hide itself. Conditional jump obfuscation is one such technique. In this paper, we introduce four forms of conditional jump obfuscation which can confuse both of the two commonly used disassembly algorithms. Their basic idea is that two elaborately constructed conditional jump instructions are semantically equivalent to one unconditional jump. We propose a modified algorithm to crack the obfuscation, and we implement our idea in our reverse analysis tool Radux (Reverse Analysis for Detecting Unsafe eXecutables). Lastly, we compare the disassembly output of Radux with objdump and IDA Pro. Relevant tests show that our implementation is effective.
Keywords :
invasive software; program control structures; program diagnostics; computer security; conditional jump obfuscation; disassembly algorithm; malicious code; reverse analysis; static program analysis; unsafe executable detection; Application software; Computer applications; Computer networks; Computer security; Data analysis; Information analysis; Information science; Information technology; Military computing; Pattern matching; conditional jump; disassembly; malicious codes; obfuscation;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Computer and Information Science, 2008. ICIS 08. Seventh IEEE/ACIS International Conference on
Conference_Location :
Portland, OR
Print_ISBN :
978-0-7695-3131-1
Type :
conf
DOI :
10.1109/ICIS.2008.18
Filename :
4529872