Tuts 4 You

Automatic Deobfuscation of Emulation-Obfuscated Software


Teddy Rogers

About This File

Malicious software is usually obfuscated to avoid detection and resist analysis. When new malware is encountered, such obfuscations have to be penetrated or removed (deobfuscated) in order to understand the internal logic of the code and devise countermeasures. This paper discusses an approach for deobfuscation of code that uses emulation-based obfuscation, a particularly challenging class of obfuscations that has been deployed in recent years. Our approach is highly general in that we do not make any assumptions about the nature of the obfuscations used; instead, we use semantics-preserving program transformations to simplify away obfuscation code. Experiments show that our approach is effective in extracting the internal logic from code obfuscated using a variety of emulation-based obfuscators, including tools such as Themida that previous approaches could not handle.
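The following is an added illustration of the idea behind "simplifying away" emulator code with semantics-preserving transformations; it is not the paper's implementation, and the toy VM, its opcode table (OPCODES), the bytecode (PROGRAM) and the payload f(x0, x1) = (x0 + x1) * 3 - 7 are all constructed for this example. The emulator records every primitive operation it performs, including fetch, decode and dispatch, so the trace resembles the native instruction stream of an emulation-obfuscated binary. Two transformations are then applied: every value that does not depend on a symbolic input is folded to a constant (which swallows the program counter, bytecode fetches and opcode comparisons), and a backward slice from the return value drops everything the result does not use. What survives is the payload's own arithmetic. Unlike the paper's approach, this only treats one recorded execution path, so it is an illustration of the principle rather than a general deobfuscator.

```python
"""Constructed example: fold and slice the trace of a toy emulator so that
only the obfuscated payload's own data flow remains."""
from dataclasses import dataclass

# Constructed opcode table and bytecode; f(x0, x1) = (x0 + x1) * 3 - 7.
OPCODES = {"PUSH_ARG": 0, "PUSH_CONST": 1, "ADD": 2, "MUL": 3, "SUB": 4, "RET": 5}
HANDLERS = {v: k for k, v in OPCODES.items()}
PROGRAM = [(0, 0), (0, 1), (2, 0), (1, 3), (3, 0), (1, 7), (4, 0), (5, 0)]

BINOPS = {
    "add": lambda a, b: a + b,
    "sub": lambda a, b: a - b,
    "mul": lambda a, b: a * b,
    "eq": lambda a, b: int(a == b),
}

@dataclass
class Node:
    op: str         # "in", "const", "fetch_opc", "fetch_opr" or a BINOPS key
    args: tuple     # indices of the earlier nodes this operation reads
    value: int      # concrete value observed during emulation
    name: str = ""  # symbolic name, only for "in" nodes

class Trace:
    """Records every primitive operation the emulator performs."""
    def __init__(self):
        self.nodes = []

    def emit(self, op, args, value, name=""):
        self.nodes.append(Node(op, tuple(args), value, name))
        return len(self.nodes) - 1

    def val(self, i):
        return self.nodes[i].value

    def binop(self, op, a, b):
        return self.emit(op, (a, b), BINOPS[op](self.val(a), self.val(b)))

def emulate(program, args, tr):
    """Interpret the bytecode. Fetch, decode and dispatch are traced as
    ordinary operations, just like the emulator's native instructions."""
    inputs = [tr.emit("in", (), v, f"x{i}") for i, v in enumerate(args)]
    stack = []
    pc = tr.emit("const", (), 0)
    while True:
        opc = tr.emit("fetch_opc", (pc,), program[tr.val(pc)][0])
        opr = tr.emit("fetch_opr", (pc,), program[tr.val(pc)][1])
        pc = tr.binop("add", pc, tr.emit("const", (), 1))
        # Dispatch loop: compare the opcode against each handler id in turn.
        for hid in sorted(HANDLERS):
            hit = tr.binop("eq", opc, tr.emit("const", (), hid))
            if tr.val(hit):
                handler = HANDLERS[hid]
                break
        if handler == "PUSH_ARG":
            stack.append(inputs[tr.val(opr)])  # operand index is concrete
        elif handler == "PUSH_CONST":
            stack.append(opr)
        elif handler == "RET":
            return stack.pop()
        else:  # ADD / MUL / SUB
            b, a = stack.pop(), stack.pop()
            stack.append(tr.binop(handler.lower(), a, b))

def simplify(tr, ret):
    """Semantics-preserving simplification of the recorded path:
    1. a node that depends on no symbolic input folds to its constant value
       (this absorbs pc updates, bytecode fetches and opcode comparisons);
    2. a backward slice from the return value discards everything else."""
    nodes = tr.nodes
    is_const = []
    for n in nodes:
        is_const.append(n.op == "const" or
                        (n.op != "in" and all(is_const[a] for a in n.args)))
    keep, work = set(), [ret]
    while work:
        i = work.pop()
        if i in keep:
            continue
        keep.add(i)
        if not is_const[i]:
            work.extend(nodes[i].args)

    def render(i):
        n = nodes[i]
        if is_const[i]:
            return str(n.value)
        if n.op == "in":
            return n.name
        sym = {"add": "+", "sub": "-", "mul": "*"}[n.op]
        return f"({render(n.args[0])} {sym} {render(n.args[1])})"

    live_ops = sum(1 for i in keep if not is_const[i] and nodes[i].op != "in")
    return render(ret), live_ops

def deobfuscate(program, args):
    """Emulate, then simplify; returns the recovered expression and sizes."""
    tr = Trace()
    ret = emulate(program, args, tr)
    expr, live_ops = simplify(tr, ret)
    return {"value": tr.val(ret), "expr": expr,
            "trace_len": len(tr.nodes), "live_ops": live_ops}

if __name__ == "__main__":
    print(deobfuscate(PROGRAM, (2, 5)))
```

Running it on inputs (2, 5) produces a trace of several dozen operations, almost all of them emulator housekeeping, and reduces it to the three arithmetic operations that make up the payload. The check a practitioner would add before trusting such a result is to re-run the recovered expression against the original on fresh inputs: here both must agree on every input, since the toy bytecode has no data-dependent branches.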

