RAMBO: Run-Time Packer Analysis with Multiple Branch Observation
نویسندگان
چکیده
Run-time packing is a technique employed by malware authors in order to conceal (e.g., encrypt) malicious code and recover it at run-time. In particular, some run-time packers only decrypt individual regions of code on demand, re-encrypting them again when they are not running. This technique is known as shifting decode frames and it can greatly complicate malware analysis. The first solution that comes to mind to analyze these samples is to apply multi-path exploration to trigger the unpacking of all the code regions. Unfortunately, multi-path exploration is known to have several limitations, such as its limited scalability for the analysis of real-world binaries. In this paper, we propose a set of domain-specific optimizations and heuristics to guide multi-path exploration and improve its efficiency and reliability for unpacking binaries protected with shifting decode frames.
منابع مشابه
Compiler Support for Value-Based Indirect Branch Prediction
Indirect branch targets are hard to predict as there may be multiple targets corresponding to a single indirect branch instruction. Value Based BTB Indexing (VBBI), a recently proposed indirect branch prediction technique, utilizes the compiler to identify a ‘hint instruction’, whose output value strongly correlates with the target address of an indirect branch. At run time, multiple targets ar...
متن کاملFinding efficient frontier of process parameters for plastic injection molding
Product quality for plastic injection molding process is highly related with the settings for its process parameters. Additionally, the product quality is not simply based on a single quality index, but multiple interrelated quality indices. To find the settings for the process parameters such that the multiple quality indices can be simultaneously optimized is becoming a research issue and ...
متن کاملRambo: a robust, reconfigurable atomic memory service for dynamic networks Citation
In this paper, we present RAMBO, an algorithm for emulating a read/write distributed shared memory in a dynamic, rapidly changing environment. RAMBO provides a highly reliable, highly available service, even as participants join, leave, and fail. In fact, the entire set of participants may change during an execution, as the initial devices depart and are replaced by a new set of devices. Even s...
متن کاملSimplified Seismic Dynamic Analysis of Sloshing Phenomenon in Rectangular Tanks with Multiple Vertical Baffles
Sloshing is a well-known phenomenon in liquid storage tanks subjected to base or body motions. In recent years the use of multiple vertical baffles for reducing the sloshing effects in tanks subjected to earthquake has not been taken into consideration so much. On the other hand, although some of the existing computer programs are capable to model sloshing phenomenon with acceptable accuracy, t...
متن کاملAccelerating Coupled Applications through Register Level Communication between Processing Elements
Early SoCs have boosted parallelism exploitation for a limited number of embedded system applications that can be easily decomposed into multiple independent parts, thus enabling their facile execution on multiple Processing Elements (PEs) in parallel. However, as the computation complexity of the applications increases, the lockstep execution model is increasingly being questioned due to archi...
متن کامل