  • DocumentCode
    265698
  • Title
    Malware Dynamic Recompilation
  • Author
    Josse, Sebastien

  • fYear
    2014
  • fDate
    6-9 Jan. 2014
  • Firstpage
    5080
  • Lastpage
    5089
  • Abstract
    Malware is more and more difficult to analyze using conventional static and dynamic analysis tools, because it uses commercial off-the-shelf specialized tools to protect its code. We present in this paper the basis of a multi-target, generic and automatic binary rewriting tool adapted to the analysis of protected and potentially hostile binary programs. It implements an emulator and several specialized analysis functions, first to observe the target program and its execution environment, and then to extract and simplify its representation. This simplification is done through the use of a new and generic method of information extraction and de-obfuscation.
  • Keywords
    invasive software; program diagnostics; binary program analysis; code protection; dynamic malware recompilation; emulators; execution environment; information deobfuscation; information extraction; multi-target-generic-automatic binary rewriting tool; off-the-shelf specialized tools; target program analysis functions; Computer architecture; Data mining; Engines; Instruments; Malware; Operating systems;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    System Sciences (HICSS), 2014 47th Hawaii International Conference on
  • Conference_Location
    Waikoloa, HI
  • Type
    conf
  • DOI
    10.1109/HICSS.2014.624
  • Filename
    6759227