Title: Disassembly and detection of self-modifying malicious software
| Issue Number: | Vol. 11, No. 4 |
| Year of Publication: | 2021 |
| Page Numbers: | 64-74 |
| Authors: | Mourad M.H Henchiri, Sharyar Wani |
| Journal Name: | International Journal of Digital Information and Wireless Communications (IJDIWC) - Hong Kong |
Abstract:
There are many risks associated with IT security. Computer users want to protect their privacy data. Businesses run the risk of losses from disclosure of their intellectual property or trade secrets. Software is at the center of information systems. They may have bugs or vulnerabilities that expose their users to these risks. The presence and exploitation of a vulnerability in a legitimate program reflects only design errors and not malicious intent on the part of the software developer. In addition, a program can send personal data to its publisher for the purpose of serving targeted advertising. If this functionality is clearly indicated to the user, the program can still be considered legitimate. In contrast, software whose purpose is to expose user privacy without warning is malicious. We therefore approve that a malicious software is said to be malicious if it intentionally and unknowingly performs operations that go against the user’s interest. In this research we are proposing a hybrid analysis method to disassemble and reconstruct the control flow graph of an obscured malware. We particularly seek to counter two methods of obfuscation. The first is self-modifying, a technique that allows programs to hide their payload and only reveal it just before it runs. The second is code overlap, allowing multiple instructions to be encoded on common addresses.