Automated armoring of PE malware through the implementation of selected anti-debugging and anti-VM techniques
Debuggers are tools traditionally used by programmers to find errors (called “bugs”) in code. In malware analysis, however, debuggers are an essential tool for reverse-engineering malware binaries, helping analysts understand the purpose and functionality of a sample when static analysis is not enough. Because of this, many malware authors try to prevent analysts from using them: by employing various techniques in the code (known as “anti-debugging”), malware can detect or disrupt a debugger, delay the analyst and prolong its own “life”. Moreover, malware analysis relies heavily on virtualization and emulation technology to run samples in an isolated environment, both for functionality and for safety. However, virtual machines and emulators always leave traces, so-called artifacts, which malware can use to detect the execution environment. The goal of this paper is to present selected anti-debugging and anti-VM techniques and to implement them in a tool that automatically appends them to the basic functionality of a Windows malware binary in order to armor it.
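As an added illustration of the two technique classes named above (example code written for this page, not the thesis' tool or any output of it): one anti-debugging check reads the PEB fields a debugger leaves behind, and one anti-VM check reads the CPUID leaves a hypervisor exposes. The PEB offsets, heap flag bits and hypervisor signatures are the documented ones; the function names, the `env_snapshot` struct and the verdict bitmask are assumptions made for the example. The live reads only work in a Windows/x86 build, while the verdict logic can be exercised with constructed values on any host.

```c
/* Added example (not the thesis' own tool): two families of checks an
 * armored PE can run before jumping to the original entry point.
 *  - Anti-debugging: PEB.BeingDebugged and the heap-debug bits the loader
 *    sets in PEB.NtGlobalFlag when a process starts under a debugger.
 *  - Anti-VM: CPUID.1:ECX bit 31 ("hypervisor present") and the 12-byte
 *    vendor signature in CPUID.0x40000000 EBX:ECX:EDX.
 * The verdict logic works on a snapshot struct so it can run on live reads
 * (Windows/x86 only) or on constructed values on any host. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(__GNUC__) && (defined(__x86_64__) || defined(__i386__))
#include <cpuid.h>
#define HAVE_CPUID 1
#else
#define HAVE_CPUID 0
#endif
#ifdef _WIN32
#include <windows.h>
#include <winternl.h>
#endif

/* FLG_HEAP_ENABLE_TAIL_CHECK | FLG_HEAP_ENABLE_FREE_CHECK | FLG_HEAP_VALIDATE_PARAMETERS */
#define DEBUG_HEAP_FLAGS 0x70u
/* Bits of the verdict returned by armor_verdict() (names are hypothetical). */
enum { REASON_BEING_DEBUGGED = 1, REASON_NTGLOBALFLAG = 2,
       REASON_HV_BIT = 4, REASON_HV_VENDOR = 8 };

typedef struct {
    uint8_t  being_debugged;  /* PEB+0x02 */
    uint32_t nt_global_flag;  /* PEB+0x68 on x86, PEB+0xBC on x64 */
    uint32_t cpuid1_ecx;      /* CPUID.1:ECX */
    char     hv_sig[13];      /* CPUID.0x40000000 EBX,ECX,EDX + NUL */
} env_snapshot;

int ntglobalflag_indicates_debugger(uint32_t flag) {
    return (flag & DEBUG_HEAP_FLAGS) != 0;
}
int hypervisor_bit_set(uint32_t cpuid1_ecx) {
    return (int)((cpuid1_ecx >> 31) & 1u);
}
/* Map a hypervisor signature to a vendor name; NULL when unrecognised. */
const char *hv_vendor_name(const char *sig) {
    static const struct { const char *sig; const char *name; } table[] = {
        { "VMwareVMware", "VMware" }, { "KVMKVMKVM", "KVM" }, /* KVM NUL-pads to 12 */
        { "Microsoft Hv", "Hyper-V" }, { "VBoxVBoxVBox", "VirtualBox" },
        { "XenVMMXenVMM", "Xen" }, { "TCGTCGTCGTCG", "QEMU (TCG)" } };
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (strncmp(sig, table[i].sig, 12) == 0) return table[i].name;
    return NULL;
}
/* Combine the individual checks into one bitmask of reasons to bail out. */
uint32_t armor_verdict(const env_snapshot *s) {
    uint32_t r = 0;
    if (s->being_debugged)                                  r |= REASON_BEING_DEBUGGED;
    if (ntglobalflag_indicates_debugger(s->nt_global_flag)) r |= REASON_NTGLOBALFLAG;
    if (hypervisor_bit_set(s->cpuid1_ecx))                  r |= REASON_HV_BIT;
    if (hv_vendor_name(s->hv_sig) != NULL)                  r |= REASON_HV_VENDOR;
    return r;
}
/* Best-effort live capture; anything unreadable here stays 0 ("not seen"). */
void capture_environment(env_snapshot *s) {
    memset(s, 0, sizeof *s);
#if HAVE_CPUID
    unsigned a = 0, b = 0, c = 0, d = 0;
    if (__get_cpuid(1, &a, &b, &c, &d)) s->cpuid1_ecx = c;
    if (hypervisor_bit_set(s->cpuid1_ecx)) {   /* leaf is only meaningful then */
        __cpuid(0x40000000u, a, b, c, d);
        memcpy(s->hv_sig, &b, 4); memcpy(s->hv_sig + 4, &c, 4); memcpy(s->hv_sig + 8, &d, 4);
    }
#endif
#ifdef _WIN32
    const uint8_t *peb = (const uint8_t *)NtCurrentTeb()->ProcessEnvironmentBlock;
    s->being_debugged = peb[0x02];
#ifdef _WIN64
    memcpy(&s->nt_global_flag, peb + 0xBC, 4);
#else
    memcpy(&s->nt_global_flag, peb + 0x68, 4);
#endif
#endif
}
int main(void) {
    env_snapshot s;
    capture_environment(&s);
    uint32_t v = armor_verdict(&s);
    const char *vendor = hv_vendor_name(s.hv_sig);
    printf("BeingDebugged=%u NtGlobalFlag=0x%x hv_bit=%d vendor=%s verdict=0x%x\n",
           s.being_debugged, s.nt_global_flag, hypervisor_bit_set(s.cpuid1_ecx),
           vendor ? vendor : "none", v);
    return v ? 1 : 0;   /* a real stub would exit or corrupt its payload here */
}
```

Built with any C compiler and run inside a stock analysis VM, the program reports a non-zero verdict and exits 1, which is the kind of behaviour an armoring stub substitutes for the original entry point. One caveat worth knowing when testing such stubs: the NtGlobalFlag heap bits are set only when the process is created under a debugger, so attaching a debugger to an already running process trips BeingDebugged but not that check.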