DocumentCode :
265698
Title :
Malware Dynamic Recompilation
Author :
Josse, Sebastien
fYear :
2014
fDate :
6-9 Jan. 2014
Firstpage :
5080
Lastpage :
5089
Abstract :
Malware is increasingly difficult to analyze with conventional static and dynamic analysis tools, because it uses commercial off-the-shelf specialized tools to protect its code. We present in this paper the bases of a multi-target, generic and automatic binary rewriting tool adapted to the analysis of protected and potentially hostile binary programs. It implements an emulator and several specialized analysis functions, first to observe the target program and its execution environment, and then to extract and simplify its representation. This simplification is done through the use of a new and generic method of information extraction and de-obfuscation.
Keywords :
invasive software; program diagnostics; binary program analysis; code protection; dynamic malware recompilation; emulators; execution environment; information deobfuscation; information extraction; multi-target-generic-automatic binary rewriting tool; off-the-shelf specialized tools; target program analysis functions; Computer architecture; Data mining; Engines; Instruments; Malware; Operating systems;
fLanguage :
English
Publisher :
IEEE
Conference_Title :
System Sciences (HICSS), 2014 47th Hawaii International Conference on
Conference_Location :
Waikoloa, HI
Type :
conf
DOI :
10.1109/HICSS.2014.624
Filename :
6759227