• DocumentCode
    1846657
  • Title

    Automating uncompressing and static analysis of Conficker worm

  • Author

    Chuan, Lee Ling ; Lee Yee, Chan ; Ismail, Mahamod ; Jumari, Kasmiran

  • Author_Institution
    Fac. of Eng. & Built Environ., Univ. Kebangsaan Malaysia, Bangi, Malaysia
  • fYear
    2009
  • fDate
    15-17 Dec. 2009
  • Firstpage
    193
  • Lastpage
    198
  • Abstract
    The infamous computer worm Conficker, which targets the Microsoft Windows operating system, was literally all over the media. This malicious worm used a modern malware technique in which it hides the malicious portion of its program code through runtime generation and execution of program code, transforming it back into executable code at run time. This obfuscation technique poses obstacles to security researchers who want to understand the malicious features of new or unknown malware, especially those who want to create detection programs and recovery methods. Our approach is based on the observation that sequences of packed or hidden code in two different versions of the Conficker worm. Self-identifying when its runtime execution is checked against its static code mode and an automating uncompressing code is executed to unpack the packer. Following the extraction of the malicious worm, we focus our analysis on the features of the Conficker worm.
  • Keywords
    data compression; invasive software; operating systems (computers); program debugging; program diagnostics; Microsoft Windows operating system; automating uncompressing code; computer worm; conficker worm static analysis; malicious worm extraction; malware technique; obfuscation technique; program code; static code mode; Computer security; Computer worms; Debugging; IP networks; Network servers; Operating systems; Reverse engineering; Runtime; Web and internet services; Web server; computer security; debugging; malware; packing; reverse engineering; unpacking;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Communications (MICC), 2009 IEEE 9th Malaysia International Conference on
  • Conference_Location
    Kuala Lumpur
  • Print_ISBN
    978-1-4244-5531-7
  • Type

    conf

  • DOI
    10.1109/MICC.2009.5431495
  • Filename
    5431495