Digital genome mapping: advanced binary malware analysis

Windows binary malware has come a long way. Today’s average worm is often tens or hundreds of kilobytes of code exhibiting a level of complexity that surpasses even some operating systems. This degree of complexity, coupled with the overwhelming flow of new malware, calls for improvements to the tools and techniques used in analysis. Our paper elaborates on how to use graph theory to aid the analysis. Using graphs and extensions to the popular Interactive Disassembler Pro package, we hope to reduce the time needed to understand the structure of complex malware. These methods have proven helpful in finding similarities and differences between malware variants and strains. Focusing on the differences by setting aside already known code allows rapid analysis and classification of malware, while reducing redundant effort.
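To make the idea of "setting aside already known code" concrete, the following added example (illustrative code written for this page, not the paper's own IDA Pro extension or its matching algorithm) compares the call graphs of two hypothetical malware variants. Each function is reduced to a small structural signature (basic-block count, control-flow edge count, outgoing call count); functions with a unique identical signature on both sides are matched first, then remaining functions are matched by the matched callees they share. Whatever is left unmatched on the new variant's side is the code an analyst actually needs to look at. All function names and signature values below are constructed for the example.

```python
from collections import namedtuple

# Structural signature of one function: basic blocks, CFG edges, outgoing calls.
FuncSig = namedtuple("FuncSig", "blocks edges calls")

# Constructed call graphs: name -> (signature, set of callee names).
# Variant A has already been analysed and its functions are named.
VARIANT_A = {
    "entry":    (FuncSig(3, 3, 2), {"init_net", "spread"}),
    "init_net": (FuncSig(5, 6, 1), {"connect"}),
    "connect":  (FuncSig(4, 4, 0), set()),
    "spread":   (FuncSig(9, 12, 1), {"connect"}),
}
# Variant B is a new sample with auto-generated names. Its entry point gained
# one extra call, and one function (sub_401400) does not exist in A at all.
VARIANT_B = {
    "sub_401000": (FuncSig(3, 3, 3), {"sub_401100", "sub_401300", "sub_401400"}),
    "sub_401100": (FuncSig(5, 6, 1), {"sub_401200"}),
    "sub_401200": (FuncSig(4, 4, 0), set()),
    "sub_401300": (FuncSig(9, 12, 1), {"sub_401200"}),
    "sub_401400": (FuncSig(7, 9, 0), set()),
}


def _by_signature(graph):
    """Group function names by their structural signature."""
    groups = {}
    for name, (sig, _) in graph.items():
        groups.setdefault(sig, []).append(name)
    return groups


def diff_variants(a, b):
    """Match functions of call graph a against call graph b.

    Returns a dict with matched pairs split into 'identical' and 'modified',
    plus functions only present in b ('new') or only in a ('removed').
    """
    matches = {}  # a_name -> b_name

    # Pass 1: signatures that occur exactly once on each side are a safe match.
    sig_a, sig_b = _by_signature(a), _by_signature(b)
    for sig, names in sig_a.items():
        if len(names) == 1 and len(sig_b.get(sig, [])) == 1:
            matches[names[0]] = sig_b[sig][0]

    # Pass 2: use the call graph. An unmatched function in a is paired with the
    # single unmatched function in b that calls exactly the same already-matched
    # callees. Repeat until no new pair is found, since each match can enable more.
    changed = True
    while changed:
        changed = False
        rev = {bn: an for an, bn in matches.items()}
        unmatched_b = [n for n in b if n not in rev]
        for an in [n for n in a if n not in matches]:
            key = {c for c in a[an][1] if c in matches}
            if not key:
                continue
            candidates = [
                bn for bn in unmatched_b
                if {rev[c] for c in b[bn][1] if c in rev} == key
            ]
            if len(candidates) == 1:
                bn = candidates[0]
                matches[an], rev[bn] = bn, an
                unmatched_b.remove(bn)
                changed = True

    identical = sorted((x, y) for x, y in matches.items() if a[x][0] == b[y][0])
    modified = sorted((x, y) for x, y in matches.items() if a[x][0] != b[y][0])
    new = sorted(n for n in b if n not in matches.values())
    removed = sorted(n for n in a if n not in matches)
    return {"identical": identical, "modified": modified, "new": new, "removed": removed}


def functions_to_review(a, b):
    """Names in b that are not already known from a: new code plus modified matches."""
    d = diff_variants(a, b)
    return sorted(d["new"] + [y for _, y in d["modified"]])


if __name__ == "__main__":
    result = diff_variants(VARIANT_A, VARIANT_B)
    for kind, items in result.items():
        print(f"{kind}: {items}")
    print("review:", functions_to_review(VARIANT_A, VARIANT_B))
```

The two-pass structure matters: signature-only matching would report the changed entry point as both "removed" and "new", hiding the fact that it is the same function with one extra call. Propagating through the call graph pairs it with its counterpart, so the review list shrinks to the modified entry point and the genuinely new function.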