
Automated Packer Classification

Supervisor(s): Sergej Proskurin, Julian Kirsch
Status: finished
Topic: Monitoring (VMI etc.)
Author: Ulrich Fourier
Submission: 2017-09-15
Type of Thesis: Bachelor thesis
Proof of Concept running on

Abstract:

In the everlasting arms race between malware writers and security researchers, the run-time packer is the malware writers' answer to signature-based anti-virus systems. A lot of research has been undertaken to automatically analyse packed binaries and find out whether they contain malware. Malware writers are responding by adding more complexity to their run-time packers and by trying to detect malware analysis systems. Most analysis systems for run-time packers are easily detectable. To make such detection more difficult, Virtual Machine Introspection (VMI) can be used, since the analysis component then runs outside the monitored virtual machine rather than inside it. This thesis implements a VMI-based analysis system that classifies run-time packers based on their complexity.