• DocumentCode
    542052
  • Title

    Analysis of Abnormity Return in Subprogram from Malicious Executables

  • Author

    Zhang, Yichi ; Pang, Jianmin ; Shan, Zheng ; Wei, Zhenfang

  • Author_Institution
    Nat. Digital Switching Syst. Eng. & Technol. Res. Center, Zhengzhou, China
  • Volume
    1
  • fYear
    2010
  • fDate
    13-14 Oct. 2010
  • Firstpage
    277
  • Lastpage
    280
  • Abstract
    In recent years, the increase of malicious executables has presented a serious threat to enterprises, organizations, and individuals. In order to avoid being analyzed statically, malicious codes resort to various obfuscation techniques to hide their malicious behaviors. The technique based on the abnormity return of subprogram is one of the techniques. The disassemblers, such as IDAPro and OBJDump, couldn't deal with malware which uses this technique. This paper describes the principles adopted by a malware to implement the exception return in the subprogram, and presents an extended disassembly algorithm for handling this kind of malware. The capability of the disassembly algorithm is analyzed and tested. The result of the test proves that the algorithm is effective.
  • Keywords
    invasive software; program diagnostics; IDAPro; OBJDump; abnormity return analysis; extended disassembly algorithm; malicious code executables; malware; obfuscation techniques; subprogram; Algorithm design and analysis; Availability; Decoding; Indexes; Malware; Viruses (medical); code obfuscation; disassembly; malware;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Intelligent System Design and Engineering Application (ISDEA), 2010 International Conference on
  • Conference_Location
    Changsha
  • Print_ISBN
    978-1-4244-8333-4
  • Type

    conf

  • DOI
    10.1109/ISDEA.2010.1
  • Filename
    5743178