Automatic Extraction of Secrets From Malware

Executive Summary

As promising results have been obtained in defeating code obfuscation techniques, malware authors have adopted protection approaches to hide malware-related data from analysis. Consequently, the discovery of internal ciphertext data in malware is now critical for malware forensics and cyber-crime analysis. In this paper, the authors present a novel approach to automatically extract secrets from malware. Their approach identifies and extracts binary code relevant to secret hiding behaviors. Then, they relocate and reuse the extracted binary code in a self-contained fashion to reveal hidden information. They demonstrate the feasibility of their approach through a proof-of-concept prototype called ASES (Automatic and Systematic Extraction of Secrets) along with experimental results.

  • Format: PDF
  • Size: 342.21 KB