Automatic extraction of secrets from malware

Ziming Zhao, Gail-Joon Ahn, Hongxin Hu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

4 Scopus citations

Abstract

As promising results have been obtained in defeating code obfuscation techniques, malware authors have adopted protection approaches to hide malware-related data from analysis. Consequently, the discovery of internal cipher text data in malware is now critical for malware forensics and cyber-crime analysis. In this paper, we present a novel approach to automatically extract secrets from malware. Our approach identifies and extracts binary code relevant to secret hiding behaviors. Then, we relocate and reuse the extracted binary code in a self-contained fashion to reveal hidden information. We demonstrate the feasibility of our approach through a proof-of-concept prototype called ASES (Automatic and Systematic Extraction of Secrets) along with experimental results.

Original languageEnglish (US)
Title of host publicationProceedings - 18th Working Conference on Reverse Engineering, WCRE 2011
Pages159-168
Number of pages10
DOIs
StatePublished - Dec 19 2011
Event18th Working Conference on Reverse Engineering, WCRE 2011 - Limerick, Ireland
Duration: Oct 17 2011Oct 20 2011

Publication series

NameProceedings - Working Conference on Reverse Engineering, WCRE
ISSN (Print)1095-1350

Other

Other18th Working Conference on Reverse Engineering, WCRE 2011
CountryIreland
CityLimerick
Period10/17/1110/20/11

ASJC Scopus subject areas

  • Software

Fingerprint Dive into the research topics of 'Automatic extraction of secrets from malware'. Together they form a unique fingerprint.

Cite this