• DocumentCode
    595571
  • Title
    Code synchronization by morphological analysis
  • Author
    Bonfante, Guillaume ; Marion, J. ; Sabatier, Fabrice ; Thierry, Aurelien

  • Author_Institution
    LORIA, Univ. de Lorraine, Vandœuvre-lès-Nancy, France
  • fYear
    2012
  • fDate
    16-18 Oct. 2012
  • Firstpage
    112
  • Lastpage
    119
  • Abstract
    Reverse-engineering malware code is a difficult task, usually full of traps set by the malware writers. Since the quality of defense software depends largely on the analysis of the malware, it becomes crucial to help software investigators with automatic tools. We describe and present a tool which synchronizes two related binary programs. Our tool finds common machine instructions between two programs and can display the correspondence instruction by instruction in IDA. Experiments were performed on many malware samples such as stuxnet, duqu, sality or waledac. We have rediscovered some of the links between duqu and stuxnet, and we point out OpenSSL's use within waledac.
  • Keywords
    invasive software; reverse engineering; software tools; synchronisation; IDA instruction; OpenSSL; automatic tool; binary program; code synchronization; correspondence instruction; defense softwares; duqu; machine instruction; malware analysis; morphological analysis; reverse-engineering malware code; sality; stuxnet; waledac; Abstracts; Binary codes; Libraries; Malware; Software; Standards; Synchronization;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Malicious and Unwanted Software (MALWARE), 2012 7th International Conference on
  • Conference_Location
    Fajardo, PR
  • Print_ISBN
    978-1-4673-4880-5
  • Type
    conf

  • DOI
    10.1109/MALWARE.2012.6461016
  • Filename
    6461016