2012 | Original Paper | Book chapter
An Enhanced Instruction Tracer for Malware Analysis
Author: Zheyuan Liu
Published in: Business, Economics, Financial Sciences, and Management
Publisher: Springer Berlin Heidelberg
Modern malicious applications use advanced anti-debugger, anti-virtualization, and code-packing techniques to obfuscate the malware's true activities and divert security analysts. Malware analysts currently have no simple method for tracing malicious code activity at the instruction level in a highly undetectable environment. This paper presents an enhanced instruction tracer, built as an extension to the Xen-based Ether virtualization framework, to aid in the analysis of malicious software. It places a malware binary in a virtualized environment and records the contents of all general-purpose processor registers at each instruction over the course of its execution. Evaluation shows that it provides a level of introspection into advanced malware that previous state-of-the-art analysis tools did not offer.
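To make the mechanism described in the abstract concrete, the following is an added example and not code from the paper or from the Ether framework: a minimal Linux single-step tracer built on ptrace(2) that forks a child, executes it one instruction at a time and records the full general-purpose register file after every instruction. The names workload(), trace_child_registers() and trace_rec are this example's own, and the child's small loop is a constructed stand-in for the analysed binary. It does the same record-every-register-per-instruction job the paper describes, but from inside the guest rather than from the hypervisor.

```c
#define _GNU_SOURCE
#include <elf.h>        /* NT_PRSTATUS */
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ptrace.h>
#include <sys/uio.h>    /* struct iovec */
#include <sys/user.h>   /* struct user_regs_struct */
#include <sys/wait.h>
#include <unistd.h>

/* One trace record: the step index and the raw general-purpose register
 * file as returned by PTRACE_GETREGSET with NT_PRSTATUS.  Its layout is
 * struct user_regs_struct for the host ABI (rip/rax/... on x86-64,
 * regs[]/sp/pc on AArch64), so the snapshot is stored as-is and decoded
 * by whoever consumes the trace. */
struct trace_rec {
    unsigned long step;
    struct user_regs_struct regs;
};

/* Hypothetical workload standing in for the analysed binary (constructed
 * for this example, not malware): a loop whose trip count is read at run
 * time so the compiler cannot fold it away and the tracer sees real
 * iterations. */
static volatile unsigned long g_iters = 10;
static volatile unsigned long g_sink;

static void workload(void)
{
    unsigned long acc = 0;
    for (unsigned long i = 0; i < g_iters; i++)
        acc += i;
    g_sink = acc;
}

/* Fork a child that runs workload(), single-step it until it exits and
 * store one register snapshot per executed instruction in recs (at most
 * max records; recs may be NULL to only count).  Returns the number of
 * instructions stepped, or -1 if tracing was not possible (for example
 * ptrace denied by a sandbox or seccomp policy). */
long trace_child_registers(struct trace_rec *recs, size_t max, size_t *nstored)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        /* Tracee: request tracing, then stop so the parent starts stepping
         * from a known point.  This is exactly what a debugger-aware sample
         * looks for: PTRACE_TRACEME fails if a tracer is already attached,
         * and the tracer's PID appears in /proc/self/status. */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0)
            _exit(127);
        raise(SIGSTOP);
        workload();
        _exit(0);
    }

    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status))
        return -1;                   /* child never reached the SIGSTOP */

    long steps = 0;
    size_t stored = 0;
    for (;;) {
        /* Execute exactly one instruction, then dump the whole GPR file
         * before the next one runs. */
        if (ptrace(PTRACE_SINGLESTEP, pid, NULL, NULL) < 0)
            return -1;
        if (waitpid(pid, &status, 0) < 0)
            return -1;
        if (WIFEXITED(status) || WIFSIGNALED(status))
            break;
        if (!WIFSTOPPED(status))
            continue;
        steps++;
        if (recs && stored < max) {
            struct iovec iov = { &recs[stored].regs, sizeof recs[stored].regs };
            if (ptrace(PTRACE_GETREGSET, pid, (void *)NT_PRSTATUS, &iov) < 0)
                return -1;
            recs[stored].step = (unsigned long)steps;
            stored++;
        }
    }
    if (nstored)
        *nstored = stored;
    return steps;
}

int main(void)
{
    enum { CAP = 4096 };
    struct trace_rec *recs = calloc(CAP, sizeof *recs);
    if (!recs)
        return 1;
    size_t n = 0;
    long steps = trace_child_registers(recs, CAP, &n);
    if (steps < 0) {
        fprintf(stderr, "tracing unavailable (ptrace denied?)\n");
        return 1;
    }
    printf("stepped %ld instructions, recorded %zu register snapshots\n", steps, n);
#if defined(__x86_64__)
    for (size_t i = 0; i < n && i < 5; i++)
        printf("step %lu rip=%#llx rax=%#llx rsp=%#llx\n", recs[i].step,
               recs[i].regs.rip, recs[i].regs.rax, recs[i].regs.rsp);
#endif
    free(recs);
    return 0;
}
```

Build with a normal C toolchain on a Linux x86-64 or AArch64 host and run it; it prints the instruction count and, on x86-64, the first few rip/rax/rsp snapshots. The point the paper makes is visible in what this tracer cannot hide: the kernel stops the tracee once per instruction, PTRACE_TRACEME fails when a debugger is already present, and the tracer is exposed through /proc, so a sample with anti-debugging checks can notice it and change behaviour. Performing the same single-step-and-dump loop from the hypervisor, as the paper's Ether extension does, is what keeps the guest from observing any of that.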