• DocumentCode
    2329913
  • Title
    Automatic Extraction of Secrets from Malware
  • Author
    Zhao, Ziming ; Ahn, Gail-Joon ; Hu, Hongxin
  • Author_Institution
    Lab. of Security Eng. for Future Comput. (SEFCOM), Arizona State Univ., Tempe, AZ, USA
  • fYear
    2011
  • fDate
    17-20 Oct. 2011
  • Firstpage
    159
  • Lastpage
    168
  • Abstract
    As promising results have been obtained in defeating code obfuscation techniques, malware authors have adopted protection approaches to hide malware-related data from analysis. Consequently, the discovery of internal cipher text data in malware is now critical for malware forensics and cyber-crime analysis. In this paper, we present a novel approach to automatically extract secrets from malware. Our approach identifies and extracts binary code relevant to secret hiding behaviors. Then, we relocate and reuse the extracted binary code in a self-contained fashion to reveal hidden information. We demonstrate the feasibility of our approach through a proof-of-concept prototype called ASES (Automatic and Systematic Extraction of Secrets) along with experimental results.
  • Keywords
    cryptography; invasive software; ASES; automatic and systematic extraction of secrets; binary code; code obfuscation; cyber-crime analysis; forensic; internal cipher text data; malware; proof-of-concept prototype; secret hiding behavior; Algorithms; Binary codes; Cryptography; Data mining; Malware; Prototypes; Runtime;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Reverse Engineering (WCRE), 2011 18th Working Conference on
  • Conference_Location
    Limerick
  • ISSN
    1095-1350
  • Print_ISBN
    978-1-4577-1948-6
  • Type
    conf
  • DOI
    10.1109/WCRE.2011.27
  • Filename
    6079838