Integration of Ether Unpacker into Ragpicker for plugin-based Malware Analysis and Identification

نویسندگان

  • Erik Schaefer
  • Nhien-An Le-Khac
  • Mark Scanlon
چکیده

Malware is a pervasive problem in both personal computing devices and distributed computing systems. Identification of malware variants and their families offers a great benefit in early detection resulting in a reduction of the analyses time needed. In order to classify malware, most of the current approaches are based on the analysis of the unpacked and unencrypted binaries. However, most of the unpacking solutions in the literature have a low unpacking rate. This results in a low contribution towards the identification of transferred code and re-used code. To develop a new malware analysis solution based on clusters of binary code sections, it is required to focus on increasing of the unpacking rate of malware samples to extend the underlying code database. In this paper, we present a new approach of analysing malware by integrating ETHER Unpacker into the plugin-based malware analysis tool, Ragpicker. We also evaluate our approach against real-world malware patterns.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Preprocessing of Binary Executable Files Towards Retargetable Decompilation

The goal of retargetable machine-code decompilation is to analyze and reversely translate platform-dependent executable files into a high level language (HLL) representation. This process can be used for many different purposes, such as legacy code reengineering, malware analysis, etc. Retargetable decompilation is a complex task that must deal with a lot of different platform-specific features...

متن کامل

Hubble: Transparent and Extensible Malware Analysis by Combining Hardware Virtualization and Software Emulation

Malware is actively making efforts to evade analysis. In particular, anti-emulation techniques have been deployed to defeat fine-grained dynamic analysis. Our evaluation of 150 real world malware samples revealed that 14 could not be analyze by any of three popular emulation based analysis tools, Anubis [1], CWSandbox [3] and TEMU [5]. While these samples operated normally in KVM using hardware...

متن کامل

Detecting Packed Executables Based on Raw Binary Data

Packing an executable originally referred to the compression of the file to reduce its size on disk. Nowadays, packing also introduces encryption and anti-debug techniques to protect executables from reverse engineering. This explains why packers are extensively used in creating new malware variants which are not detected by traditional signature-based anti-malware tools. Although universal unp...

متن کامل

A Quantitative Evaluation of the Target Selection of Havex ICS Malware Plugin

While most of the current research focus is rightfully put on finding and mitigating vulnerabilities in industrial control systems (ICS), the opposite angle, namely researching operational weaknesses or unintelligent decisions of ICS malware that make them susceptible to detection, defensive entrapment, and forensics at large, is lesser explored. In this paper we perform a quantitative evaluati...

متن کامل

DyVSoR: dynamic malware detection based on extracting patterns from value sets of registers

To control the exponential growth of malware files, security analysts pursue dynamic approaches that automatically identify and analyze malicious software samples. Obfuscation and polymorphism employed by malwares make it difficult for signature-based systems to detect sophisticated malware files. The dynamic analysis or run-time behavior provides a better technique to identify the threat. In t...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • CoRR

دوره abs/1708.01731  شماره 

صفحات  -

تاریخ انتشار 2017