Reverse Engineering Malicious Applications

Ioan Cristian Iacob

Abstract


Detecting new and unknown malware is a major challenge for today's software security profession. Many approaches to malware detection using data mining techniques have already been proposed, and the majority of them rely on static features of the malware. However, static detection methods fall short of detecting present-day complex malware. Although some researchers have proposed dynamic detection methods, those methods did not use all of the malware's features. In this work, an approach for the detection of new and unknown malware is proposed and implemented. Each sample was reverse engineered to analyze its effect on the operating environment and to extract both static and behavioral features.
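To make the abstract's point concrete, the following is an added example (written for this page, not the paper's implementation) that extracts a few static features from a sample's bytes (byte entropy and visible API import names) and a few behavioral features from a sandbox API-call trace, then combines them into one feature vector. The sample bytes, the trace lines and the `SUSPICIOUS_IMPORTS` list are constructed for illustration; the high-entropy sample shows why a packed binary yields almost nothing to static inspection while its runtime trace still exposes the injection sequence.

```python
"""Added example: combine static and behavioral malware features.

Illustrative code written for this page; it is not the paper's code.
The samples, API-call traces and import list below are constructed.
"""
import math
import re
from collections import Counter

# Static feature 1: Shannon entropy in bits per byte. Packed or encrypted
# payloads approach 8.0; plain code, strings and headers sit well below.
def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

# Static feature 2: API names readable as printable strings in the file.
# A constructed watch list, not an exhaustive one.
SUSPICIOUS_IMPORTS = {
    "VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread",
    "SetWindowsHookExA", "IsDebuggerPresent", "NtUnmapViewOfSection",
}

def visible_imports(data: bytes) -> set:
    tokens = re.findall(rb"[A-Za-z0-9_]{6,}", data)
    return {t.decode() for t in tokens} & SUSPICIOUS_IMPORTS

# Behavioral feature: the order of API calls observed while the sample
# runs. Trace lines are assumed to look like "ApiName(args...)".
INJECTION_SEQUENCE = ["VirtualAllocEx", "WriteProcessMemory", "CreateRemoteThread"]

def behavioral_features(trace):
    calls = [line.split("(", 1)[0] for line in trace]
    # Walk the trace and check whether the injection calls occur in order
    # (other calls may be interleaved between them).
    matched = 0
    for call in calls:
        if matched < len(INJECTION_SEQUENCE) and call == INJECTION_SEQUENCE[matched]:
            matched += 1
    return {
        "injection_sequence": matched == len(INJECTION_SEQUENCE),
        "anti_debug": "IsDebuggerPresent" in calls,
        "distinct_apis": len(set(calls)),
    }

def feature_vector(sample: bytes, trace):
    entropy = shannon_entropy(sample)
    imports = visible_imports(sample)
    return {
        "entropy": round(entropy, 2),
        # High entropy with no readable imports is the usual packer signature.
        "likely_packed": entropy > 7.0 and not imports,
        "suspicious_imports": sorted(imports),
        **behavioral_features(trace),
    }

# Constructed sample 1: unpacked, import names visible in the import table.
PLAIN_SAMPLE = (
    b"MZ" + b"\x00" * 62 + b"PE\x00\x00"
    + b"This program cannot be run in DOS mode.\x00"
    + b"KERNEL32.dll\x00CreateFileA\x00ReadFile\x00"
    + b"WriteProcessMemory\x00CreateRemoteThread\x00CloseHandle\x00"
)
PLAIN_TRACE = [
    'CreateFileA("C:\\\\Users\\\\victim\\\\notes.txt")',
    "ReadFile(0x1f8, 0x1000)",
    "CloseHandle(0x1f8)",
]

# Constructed sample 2: a uniform byte distribution stands in for a packed
# body, giving exactly 8.0 bits/byte and no readable strings.
PACKED_SAMPLE = bytes(range(256)) * 16
PACKED_TRACE = [
    "IsDebuggerPresent()",
    'CreateProcessA("svchost.exe", CREATE_SUSPENDED)',
    "VirtualAllocEx(0x1a4, 0x400000, PAGE_EXECUTE_READWRITE)",
    "WriteProcessMemory(0x1a4, 0x400000, 0x2000)",
    "CreateRemoteThread(0x1a4, 0x401000)",
]

if __name__ == "__main__":
    for name, sample, trace in (
        ("plain", PLAIN_SAMPLE, PLAIN_TRACE),
        ("packed", PACKED_SAMPLE, PACKED_TRACE),
    ):
        print(name, feature_vector(sample, trace))
```

Run as a script, the packed sample reports no suspicious imports and `likely_packed` set, yet its trace flags both anti-debugging and the remote-injection sequence; the plain sample is the reverse. Static and behavioral features therefore catch different things, which is the motivation for extracting both.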


Keywords


Reverse Engineering, Applications, Malicious, Security, Malware




Journal of Mobile, Embedded and Distributed Systems (JMEDS) ISSN: 2067 – 4074 (online)