Unpacking Virtualization Obfuscators
Abstract
Nearly every malware sample is sheathed in an executable protection which must be removed before static analyses can proceed. Existing research has studied automatically unpacking certain protections, but has not yet caught up with many modern techniques. Contrary to prior assumptions, protected programs do not always have the property that they are reverted to a fully unprotected state at some point during the course of their execution. This work provides a novel technique for circumventing one of the most problematic features of modern software protections, so-called virtualization obfuscation. The technique enables analysis of heretofore impenetrable malware.
Similar resources
Enabling OpenCL support for GPGPU in Kernel-based Virtual Machine
The importance of heterogeneous multicore programming is increasing, and Open Computing Language (OpenCL) is an open industrial standard for parallel programming that provides a uniform programming model for programmers to write efficient, portable code for heterogeneous computing devices. However, OpenCL is not supported in the system virtualization environments that are often used to improve ...
Bootstrapping Obfuscators via Fast Pseudorandom Functions
We show that it is possible to upgrade an obfuscator for a weak complexity class WEAK into an obfuscator for arbitrary polynomial size circuits, assuming that the class WEAK can compute pseudorandom functions. Specifically, under standard intractability assumptions (e.g., hardness of factoring, Decisional Diffie-Hellman, or Learning with Errors), the existence of obfuscators for NC or even TC i...
On the Limits of Point Function Obfuscation
We study the problem of circuit obfuscation, i.e., transforming the circuit in a way that hides everything except its input-output behavior. Barak et al. showed that a universal obfuscator that obfuscates every circuit class cannot exist, leaving open the possibility of special-purpose obfuscators. Known positive results for obfuscation are limited to point functions (boolean functions that ret...
Obfuscation Combiners
Obfuscation is challenging; we currently have practical candidates with rather vague security guarantees on the one side, and theoretical constructions which have recently experienced jeopardizing attacks against the underlying cryptographic assumptions on the other side. This motivates us to study and present robust combiners for obfuscators, which integrate several candidate obfuscators into ...
Benchmarking Obfuscators of Functionality
We propose a set of benchmarks for evaluating the practicality of software obfuscators which rely on provably secure methods for functional obfuscation. Note to SPRO referees: this paper is one page longer than the 7-page limit for a regular submission. I will prepare a 7-page version, if this is required for publication.