Date Added: Aug 2011
As promising results have been obtained in defeating code obfuscation techniques, malware authors have adopted protection approaches to hide malware-related data from analysis. Consequently, the discovery of internal ciphertext data in malware is now critical for malware forensics and cyber-crime analysis. In this paper, the authors present a novel approach to automatically extract secrets from malware. Their approach identifies and extracts binary code relevant to secret-hiding behaviors. Then, they relocate and reuse the extracted binary code in a self-contained fashion to reveal hidden information. They demonstrate the feasibility of their approach through a proof-of-concept prototype called ASES (Automatic and Systematic Extraction of Secrets) along with experimental results.