About This File
Malicious software is usually obfuscated to avoid detection and resist analysis. When new malware is encountered, such obfuscations have to be penetrated or removed (deobfuscated) in order to understand the internal logic of the code and devise countermeasures. This paper discusses an approach for deobfuscation of code that uses emulation-based obfuscation, a particularly challenging class of obfuscations that has been deployed in recent years. Our approach is highly general in that we do not make any assumptions about the nature of the obfuscations used; instead, we use semantics-preserving program transformations to simplify away obfuscation code. Experiments show that our approach is effective in extracting the internal logic from code obfuscated using a variety of emulation-based obfuscators, including tools such as Themida that previous approaches could not handle.
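The following is an added illustration of the core idea the abstract describes (simplifying away emulator code with a semantics-preserving transformation); it is not the paper's implementation and makes no claim about its algorithms. It assumes a constructed toy register VM whose interpreter records every native operation it performs, including its own fetch/decode/dispatch overhead, and then applies a backward dynamic slice over that trace driven only by value dependences from the observable output. The bytecode, register names and trace format are all invented for the example.

```python
"""Added example: value-based trace simplification of an emulator-obfuscated program.

A toy VM interprets a constructed bytecode and logs both its own dispatch work
and the handler work. A backward slice from the observable output (out) keeps
only operations whose values flow into it, which drops the interpreter overhead.
"""
from dataclasses import dataclass, field


@dataclass
class TraceEntry:
    op: str                                   # textual form of the native operation
    defs: set = field(default_factory=set)    # locations written by the operation
    uses: set = field(default_factory=set)    # locations read by the operation


# Constructed bytecode: computes (5 + 7) ^ 3 into v0 and emits it.
# v2/v3 carry a value nothing observes, so it is dead with respect to the output.
BYTECODE = [
    ("movi", "v0", 5),
    ("movi", "v1", 7),
    ("add", "v0", "v0", "v1"),
    ("movi", "v2", 9),
    ("mul", "v3", "v2", "v2"),
    ("xori", "v0", "v0", 3),
    ("out", "v0"),
    ("halt",),
]


def run_emulator(bytecode):
    """Interpret bytecode, recording emulator overhead and handler work alike."""
    trace = []
    regs = {f"v{i}": 0 for i in range(4)}
    vpc = 0
    output = []
    while True:
        insn = bytecode[vpc]
        # Fetch/decode/dispatch: the obfuscator's overhead. These entries only
        # define vpc/opcode/handler, which never flow into the emitted value.
        trace.append(TraceEntry("opcode = code[vpc]", {"opcode"}, {"vpc"}))
        trace.append(TraceEntry("handler = table[opcode]", {"handler"}, {"opcode"}))
        trace.append(TraceEntry("vpc = vpc + 1", {"vpc"}, {"vpc"}))
        vpc += 1
        opc = insn[0]
        if opc == "movi":
            _, d, imm = insn
            regs[d] = imm
            trace.append(TraceEntry(f"{d} = {imm}", {d}, set()))
        elif opc in ("add", "mul"):
            _, d, a, b = insn
            sym = "+" if opc == "add" else "*"
            regs[d] = regs[a] + regs[b] if opc == "add" else regs[a] * regs[b]
            trace.append(TraceEntry(f"{d} = {a} {sym} {b}", {d}, {a, b}))
        elif opc == "xori":
            _, d, a, imm = insn
            regs[d] = regs[a] ^ imm
            trace.append(TraceEntry(f"{d} = {a} ^ {imm}", {d}, {a}))
        elif opc == "out":
            _, s = insn
            output.append(regs[s])
            trace.append(TraceEntry(f"out({s})", set(), {s}))
        elif opc == "halt":
            break
        else:
            raise ValueError(f"unknown opcode {opc!r}")
    return trace, output


def backward_slice(trace):
    """Keep only operations whose results reach an out() through value flow.

    Walks the trace backwards with a live set: an entry is kept when it defines
    a live location, after which its definitions are killed and its uses made
    live. Control dependences (which handler ran) are deliberately ignored.
    """
    live = set()
    kept = []
    for entry in reversed(trace):
        if entry.op.startswith("out("):
            live |= entry.uses
            kept.append(entry)
        elif entry.defs & live:
            live -= entry.defs
            live |= entry.uses
            kept.append(entry)
    kept.reverse()
    return kept


def simplify(bytecode):
    """Run the toy emulator and return the sliced trace as readable operations."""
    trace, _ = run_emulator(bytecode)
    return [entry.op for entry in backward_slice(trace)]


if __name__ == "__main__":
    full, out = run_emulator(BYTECODE)
    print(f"output={out}, full trace={len(full)} ops, simplified:")
    for line in simplify(BYTECODE):
        print("  ", line)
```

Ignoring control dependences is what makes the dispatch loop disappear: every fetch, table lookup and vpc update defines a location the output never reads. The caveat a practitioner should keep in mind is that this works over one concrete trace, so the result reflects only the path that was executed, and real emulators hide the value flow behind memory-resident virtual registers rather than named ones, which a real tool has to resolve through memory access tracking.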