Detection of debugger aware malware
Author
Gurkin, Sergey Evgenyevich
Term
4. term
Education
Publication year
2015
Submitted on
2015-06-04
Pages
46
Abstract
This project addresses the fact that sophisticated malware often detects when it is being analyzed with a debugger and then alters its behavior or exits to evade detection. This creates a need to automatically flag samples that are debugger-aware so they can be routed to more fine-grained analysis. The core question is how to automatically identify malware that behaves differently in the presence of a debugger or other analysis artifacts. Two approaches are examined: instruction tracing and differential analysis. In the adopted differential analysis workflow, the same sample is run on two virtual machines—one “clean” and one containing traces of an analysis tool such as a debugger—and differences in observed behavior are used to label samples as evasive. Based on this, a utility tool and a Cuckoo Sandbox module were implemented to automate the process. The excerpt presents the design and integration of the solution; detailed evaluation results are not included in the provided section.
This project starts from the fact that advanced malware often detects when it is being analyzed with a debugger and therefore changes its behavior or stops in order to avoid detection. This creates a need to automatically identify samples that are debugger-aware so they can be selected for more fine-grained analysis. The research question is how to automatically detect malware that behaves differently in the presence of a debugger or other analysis indicators. Two approaches are examined: instruction tracing and differential analysis. In the chosen differential analysis workflow, the same sample is run on two virtual machines, one "clean" and one containing traces of an analysis tool such as a debugger, after which differences in the observed behavior are used to mark samples as evasive. Based on this, a utility tool and a module for Cuckoo Sandbox were developed to automate the process. The excerpt presents the design and integration of the solution; detailed evaluation results are not included in the section shown.
[This abstract has been generated with the help of AI directly from the project full text]
