Automated armoring of malicious programs through the implementation of selected anti-debugging and anti-VM techniques
Automated armoring of PE malwares through the implementation of selected anti-debugging and anti-vm techniques

Keywords: PE malware; Anti-reverse; Anti-debugging; Anti-vm

Abstract
Debuggers are tools traditionally used by programmers to find errors (called "bugs") in code. However,
in the field of malware analysis, debuggers are an essential tool for reverse-engineering malware
binaries, helping analysts understand the purpose and functionality of malware when static analysis
is not enough. Because of their significance, many malware authors try to prevent analysts from using
them. By employing various techniques in the code (known as "anti-debugging"), malware can
successfully delay analysts and prolong its "life". Moreover, malware analysis relies heavily on
virtualization and emulation technology to run samples in an isolated environment, both for functionality and
for safety. However, virtual machines and emulators always leave traces, so-called artifacts, which
malware can use to detect its execution environment. The goal of this paper is to present selected anti-debugging and anti-VM techniques and to include them in a tool that can automatically append them to the basic functionality of a Windows malware binary in order to armor it.