Stealth & Dynamic Analysis of Malware
Omer Sezgin Ugurlu
MSc.Student
Computer Engineering Department
Bilkent University
The number of samples that need to be analyzed by security vendors is constantly increasing. Anubis is a tool for determining the purpose and functionality of Windows executables. Anubis uses a guest QEMU virtual machine to execute and analyze an unknown binary. Binary files can be submitted through the web interface of the host system. After execution, human-readable reports are generated to help a human analyst classify the malware. These reports may leak information specific to the Anubis installation, and that information may allow a detailed fingerprint of Anubis to be built. Once the fingerprint is extracted, it can be used to detect Anubis, and malware authors can hide malicious behavior when such detection occurs. Our aim is to create a randomized and stealthy execution environment that prevents the detection of Anubis and thereby prevents false-negative classifications.
DATE:
3 December 2007, Monday @ 15:40
PLACE:
EA 409