Analyzing the effectiveness of shellcode injectors
Analysis of the effectiveness of shellcode injectors
In this thesis we analyze the effectiveness of shellcode injectors with respect to their ability to bypass antivirus engines. To assist in the process we developed a tool, written in Python 2.7, that automates sample generation, analysis of the infected files, calculation of statistics and presentation of the results. We demonstrate the use of this tool and the results it produces on two shellcode injectors, ROPInjector and Shellter. By generating a large sample of infected files and submitting them to the online service VirusTotal we are able to measure both the effectiveness of each shellcode injector at hiding the malicious payload and the effectiveness of the antivirus engines at accurately detecting the injected files. The output of this work is a tool that facilitates and automates this process, together with an account of the strengths and weaknesses of both the shellcode injectors and the antivirus engines.
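The statistics step of the workflow described above (per-injector detection ratio, share of samples no engine flagged, per-engine detection rate split by injector, and a plain-text results table), as an added illustration that is not the thesis tool and not code from the ROPInjector or Shellter projects. It runs offline in Python 3: the report layout (sample name, injector, engine-to-detected map) is a simplified assumption and does not reproduce the real VirusTotal API format, and the scan results are constructed values rather than real data.

```python
"""Added example: offline detection statistics over constructed scan reports.

The report shape below is an assumption for illustration only; it is not the
VirusTotal API format, and the values are made up, not measured.
"""
from collections import defaultdict

# Constructed scan results (not real VirusTotal data):
# sample name -> injector used, and engine -> True if the engine flagged it.
SAMPLE_REPORTS = {
    "host_ropinjector_1.exe": {"injector": "ROPInjector",
                               "scans": {"EngineA": False, "EngineB": False, "EngineC": True}},
    "host_ropinjector_2.exe": {"injector": "ROPInjector",
                               "scans": {"EngineA": False, "EngineB": False, "EngineC": False}},
    "host_shellter_1.exe":    {"injector": "Shellter",
                               "scans": {"EngineA": True, "EngineB": False, "EngineC": True}},
    "host_shellter_2.exe":    {"injector": "Shellter",
                               "scans": {"EngineA": False, "EngineB": False, "EngineC": True}},
}


def detection_ratio(report):
    """Fraction of engines that flagged one sample (0.0 means fully undetected)."""
    scans = report["scans"]
    if not scans:
        return 0.0
    return sum(1 for hit in scans.values() if hit) / len(scans)


def injector_stats(reports):
    """Per injector: mean detection ratio, share of fully undetected samples, sample count."""
    per_injector = defaultdict(list)
    for report in reports.values():
        per_injector[report["injector"]].append(detection_ratio(report))
    return {
        injector: {
            "samples": len(ratios),
            "mean_detection": sum(ratios) / len(ratios),
            "undetected_share": sum(1 for r in ratios if r == 0.0) / len(ratios),
        }
        for injector, ratios in per_injector.items()
    }


def engine_stats(reports):
    """Per engine: fraction of injected samples it flagged, overall and per injector.

    Every sample in the set carries a payload, so this is the engine's
    true-positive rate on the generated set; false positives on clean host
    files are not measured here.
    """
    hits = defaultdict(lambda: defaultdict(int))
    totals = defaultdict(lambda: defaultdict(int))
    for report in reports.values():
        injector = report["injector"]
        for engine, detected in report["scans"].items():
            totals[engine]["all"] += 1
            totals[engine][injector] += 1
            if detected:
                hits[engine]["all"] += 1
                hits[engine][injector] += 1
    return {
        engine: {key: hits[engine][key] / total for key, total in keys.items()}
        for engine, keys in totals.items()
    }


def render_table(stats, columns):
    """Plain-text table of selected columns of a stats dict, for a results section."""
    lines = ["{:<14}".format("") + "".join("{:>18}".format(c) for c in columns)]
    for name, row in sorted(stats.items()):
        cells = ["{:>18.3f}".format(row.get(c, 0.0)) for c in columns]
        lines.append("{:<14}".format(name) + "".join(cells))
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_table(injector_stats(SAMPLE_REPORTS), ["mean_detection", "undetected_share"]))
    print()
    print(render_table(engine_stats(SAMPLE_REPORTS), ["all", "ROPInjector", "Shellter"]))
```

Two practical points when feeding this with real scans: a sample submitted to VirusTotal is shared with the participating vendors, so the generated files should be treated as burned once uploaded, and the engines on VirusTotal are command-line scanners that may differ in configuration from the same vendors' endpoint products, so a low detection ratio there is a lower bound on what a desktop installation would catch, not a guarantee of evasion.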