Sciweavers

SP
2010
IEEE

Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries

14 years 3 months ago
Inspector Gadget: Automated Extraction of Proprietary Gadgets from Malware Binaries
Abstract—Unfortunately, malicious software is still an unsolved problem and a major threat on the Internet. An important component in the fight against malicious software is the analysis of malware samples: Only if an analyst understands the behavior of a given sample, she can design appropriate countermeasures. Manual approaches are frequently used to analyze certain key algorithms, such as downloading of encoded updates, or generating new DNS domains for command and control purposes. In this paper, we present a novel approach to automatically extract, from a given binary executable, the algorithm related to a certain activity of the sample. We isolate and extract these instructions and generate a so-called gadget, i.e., a stand-alone component that encapsulates a specific behavior. We make sure that a gadget can autonomously perform a specific task by including all relevant code and data into the gadget such that it can be executed in a self-contained fashion. Gadgets are useful...
Clemens Kolbitsch, Thorsten Holz, Christopher Krue
Added 16 Aug 2010
Updated 16 Aug 2010
Type Conference
Year 2010
Where SP
Authors Clemens Kolbitsch, Thorsten Holz, Christopher Kruegel, Engin Kirda
Comments (0)