{"title":"Automatic Extraction of Secrets from Malware","authors":"Ziming Zhao, Gail-Joon Ahn, Hongxin Hu","doi":"10.1109/WCRE.2011.27","DOIUrl":null,"url":null,"abstract":"As promising results have been obtained in defeating code obfuscation techniques, malware authors have adopted protection approaches to hide malware-related data from analysis. Consequently, the discovery of internal cipher text data in malware is now critical for malware forensics and cyber-crime analysis. In this paper, we present a novel approach to automatically extract secrets from malware. Our approach identifies and extracts binary code relevant to secret hiding behaviors. Then, we relocate and reuse the extracted binary code in a self-contained fashion to reveal hidden information. We demonstrate the feasibility of our approach through a proof-of-concept prototype called ASES (Automatic and Systematic Extraction of Secrets) along with experimental results.","PeriodicalId":350863,"journal":{"name":"2011 18th Working Conference on Reverse Engineering","volume":"45 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 18th Working Conference on Reverse Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WCRE.2011.27","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 8
Abstract
As promising results have been obtained in defeating code obfuscation techniques, malware authors have adopted protection approaches to hide malware-related data from analysis. Consequently, the discovery of internal cipher text data in malware is now critical for malware forensics and cyber-crime analysis. In this paper, we present a novel approach to automatically extract secrets from malware. Our approach identifies and extracts binary code relevant to secret hiding behaviors. Then, we relocate and reuse the extracted binary code in a self-contained fashion to reveal hidden information. We demonstrate the feasibility of our approach through a proof-of-concept prototype called ASES (Automatic and Systematic Extraction of Secrets) along with experimental results.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
