Emulation-based Malware Analysis

Given a piece of unknown malware, the objective of malware analysis is to reverse engineer it and quickly reveal its inner workings. We take an emulation-based approach to this problem. We build a dynamic binary analysis platform called DECAF on top of the CPU emulator QEMU, and then, on top of DECAF, we perform various analyses of spyware, rootkits, etc.

Papers on Malware Analysis

[1] Heng Yin and Dawn Song. Automatic Malware Analysis: An Emulator based Approach. In Springer Briefs in Computer Science, September 2012.
Malicious software (i.e., malware) has been a severe threat to interconnected computer systems for decades and has caused billions of dollars in damages each year. A large volume of new malware samples are discovered daily. Even worse, malware is rapidly evolving, becoming more sophisticated and evasive to strike against current malware analysis and defense systems. Automatic Malware Analysis presents a virtualized malware analysis framework that addresses common challenges in malware analysis. In regards to this new analysis framework, a series of analysis techniques for automatic malware analysis is developed. These techniques capture intrinsic characteristics of malware, and are well suited for dealing with new malware samples and attack mechanisms.

Malware Analysis Web Service

Submit your own sample for analysis.