Extraction of Malicious Code from Packed Malware using Emulated Environment

Suhandi, Suhandi and Lukas, Lukas and Lim, Charles (2018) Extraction of Malicious Code from Packed Malware using Emulated Environment. Masters thesis, Swiss German University.

Files:
Suhandi 21551009 TOC.pdf (213kB, preview available)
Suhandi 21551009 1.pdf (187kB, restricted to registered users only)
Suhandi 21551009 2.pdf (682kB, restricted to registered users only)
Suhandi 21551009 3.pdf (461kB, restricted to registered users only)
Suhandi 21551009 4.pdf (1MB, restricted to registered users only)
Suhandi 21551009 5.pdf (149kB, restricted to registered users only)
Suhandi 21551009 Ref.pdf (218kB, preview available)

Abstract

Malware authors are nowadays creating new techniques for evading malware analysts. Encryption and compression can defeat static analysis of malware. Binary obfuscation is one such technique: it applies encryption and compression to the malware binary. In this thesis, a method is proposed to perform dynamic analysis of packed malware using memory scanning and instruction tracing to extract the hidden code of the malware. With this method, the point at which unpacking completes can be determined exactly, and the hidden code can be extracted. Using similarity and entropy as validation techniques helps the analyst determine whether the hidden malicious code was extracted successfully.
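The abstract names entropy and similarity as the checks that tell an analyst whether a memory dump actually contains the unpacked code rather than the still-compressed or encrypted payload. The following is an added illustration, not code from the thesis: it computes Shannon entropy over a dumped region and a byte-wise similarity against a known-good reference, then combines the two into a pass/fail verdict. The 7.0 bits/byte threshold, the 0.9 similarity floor, and all three sample buffers (a random "packed" image, a repeated instruction-like "unpacked" reference, and a dump that differs from the reference in a few bytes) are constructed assumptions for the example, not values taken from the thesis.

```python
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte buffer in bits per byte (0.0 .. 8.0).

    Compressed or encrypted data is close to 8.0; plain machine code and
    data sections are typically well below that.
    """
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def byte_similarity(a: bytes, b: bytes) -> float:
    """Fraction of byte positions where two buffers agree (0.0 .. 1.0).

    Length differences count as mismatches, so a truncated dump scores lower.
    """
    if not a or not b:
        return 0.0
    n = min(len(a), len(b))
    same = sum(1 for i in range(n) if a[i] == b[i])
    return same / max(len(a), len(b))


# Assumed threshold: above this the region still looks packed/encrypted.
PACKED_THRESHOLD = 7.0


def classify_dump(dump: bytes, reference: bytes, min_similarity: float = 0.9) -> dict:
    """Decide whether a memory dump is a successful extraction.

    Both checks must pass: entropy low enough to look like real code, and
    the bytes close enough to the reference (known-good unpacked sample).
    """
    ent = shannon_entropy(dump)
    sim = byte_similarity(dump, reference)
    looks_packed = ent >= PACKED_THRESHOLD
    return {
        "entropy": round(ent, 3),
        "similarity": round(sim, 3),
        "looks_packed": looks_packed,
        "extraction_ok": (not looks_packed) and sim >= min_similarity,
    }


def build_samples():
    """Constructed sample buffers; none of these come from real malware."""
    rng = random.Random(1234)
    # Stand-in for unpacked code: a short instruction-like pattern, repeated.
    pattern = bytes([0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10,
                     0x00, 0x00, 0xC3, 0x90, 0x90, 0x00])
    reference = (pattern * 64)[:768]
    # Stand-in for the packed image: uniformly random bytes.
    packed = bytes(rng.randrange(256) for _ in range(768))
    # Stand-in for a dump taken after unpacking: the reference with a few
    # bytes changed, as applied relocations or patched imports would cause.
    dumped = bytearray(reference)
    for off in (100, 200, 300):
        dumped[off] ^= 0x7F
    return packed, reference, bytes(dumped)


if __name__ == "__main__":
    packed, reference, dumped = build_samples()
    print("packed image :", classify_dump(packed, reference))
    print("unpacked dump:", classify_dump(dumped, reference))
```

Entropy alone cannot distinguish a dump of the right process at the wrong moment (unpacking stub still running) from a dump of a different, unrelated module, which is why the verdict also requires similarity to a reference; in practice the reference is a sample already known to be the unpacked form of the same family.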

Item Type: Thesis (Masters)
Uncontrolled Keywords: Packed Malware; Memory Forensic; Dynamic Analysis; Evasion Technique
Subjects: H Social Sciences > HV Social pathology. Social and public welfare > HV6773 Computer crimes
T Technology > T Technology (General) > T58.5 Information technology
Divisions: Faculty of Engineering and Information Technology > Department of Information Technology
Depositing User: Astuti Kusumaningrum
Date Deposited: 13 Jul 2020 15:46
Last Modified: 13 Jul 2020 15:46
URI: http://repository.sgu.ac.id/id/eprint/789
