A stress testing web-based framework for automated malware analysis

Abstract

Polymorphic malware poses a serious threat to cyber security, especially when it is a zero-day. Such malware is self-mutating and changes its signature at every run. Because of this dynamic behavior at execution time, antivirus solutions may fail to detect it. It is therefore of utmost importance to detect and analyze these malware samples. To address this, we created a polymorphic malware sample, analyzed it in a sandbox (a web-based framework that performs live code analysis in a controlled, isolated environment), and finally tested the framework. The framework analyzes the files, registry keys, network traffic and behavior of a PE (Portable Executable) file and helps to detect whether the file is packed or not. We used a stress-testing technique to test the framework's efficiency in successfully analyzing N malware samples on the first attempt.
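The abstract says the framework inspects a PE file and reports whether it is packed. The following is an added illustration, not code from the paper or its framework, of how a static packing check of that kind is commonly built: walk the PE headers to the section table, compute per-section Shannon entropy, and flag sections whose on-disk size is tiny relative to their in-memory size (the shape left by unpacker stubs). The entropy threshold of 7.0 bits/byte, the size-inflation rule and the two sample images are assumptions constructed here for the example; the paper does not state which heuristics its framework uses.

```python
import math
import random
import struct
from typing import Dict, List, Optional, Tuple

PE_SIGNATURE = b"PE\0\0"
SECTION_HEADER_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes
COFF_HEADER_FMT = "<HHIIIHH"           # IMAGE_FILE_HEADER, 20 bytes
ENTROPY_THRESHOLD = 7.0                # bits per byte; assumed cut-off, not taken from the paper
SIZE_OF_OPTIONAL_HEADER = 0xE0         # PE32 optional header size; left zeroed in the constructed sample


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a repeated byte, close to 8.0 for random data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_sections(image: bytes) -> List[Dict]:
    """Walk DOS header -> PE signature -> COFF header -> section table and return one dict per section."""
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError("PE signature not found")
    coff_off = e_lfanew + 4
    _, num_sections, _, _, _, size_opt, _ = struct.unpack_from(COFF_HEADER_FMT, image, coff_off)
    table_off = coff_off + struct.calcsize(COFF_HEADER_FMT) + size_opt
    sections = []
    for i in range(num_sections):
        entry = table_off + i * struct.calcsize(SECTION_HEADER_FMT)
        name, vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from(SECTION_HEADER_FMT, image, entry)[:5]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": raw_size,
            "raw_ptr": raw_ptr,
        })
    return sections


def analyze_packing(image: bytes) -> Dict:
    """Per-section entropy plus a size-inflation check; the image is 'likely packed' if either heuristic trips."""
    report = []
    for s in parse_sections(image):
        raw = image[s["raw_ptr"]:s["raw_ptr"] + s["raw_size"]]
        report.append({**s, "entropy": round(shannon_entropy(raw), 3)})
    reasons = []
    for r in report:
        if r["entropy"] > ENTROPY_THRESHOLD:
            reasons.append(f"{r['name']}: entropy {r['entropy']} exceeds {ENTROPY_THRESHOLD}")
        # Assumed heuristic: an unpacker reserves a large virtual range that holds almost nothing on disk.
        if r["virtual_size"] >= 0x1000 and r["virtual_size"] > 4 * r["raw_size"]:
            reasons.append(f"{r['name']}: virtual size {r['virtual_size']:#x} far exceeds raw size {r['raw_size']:#x}")
    return {"sections": report, "likely_packed": bool(reasons), "reasons": reasons}


def build_sample_pe(sections: List[Tuple[bytes, bytes, Optional[int]]]) -> bytes:
    """Construct a minimal PE image (headers, section table, raw data) for offline testing; not a runnable binary."""
    header_len = 0x40 + 4 + struct.calcsize(COFF_HEADER_FMT) + SIZE_OF_OPTIONAL_HEADER
    offset = header_len + struct.calcsize(SECTION_HEADER_FMT) * len(sections)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)          # e_lfanew -> 0x40
    coff = struct.pack(COFF_HEADER_FMT, 0x14C, len(sections), 0, 0, 0, SIZE_OF_OPTIONAL_HEADER, 0x0102)
    table, body = b"", b""
    for name, data, vsize in sections:
        table += struct.pack(SECTION_HEADER_FMT, name, vsize if vsize is not None else len(data),
                             0x1000, len(data), offset, 0, 0, 0, 0, 0x60000020)
        body += data
        offset += len(data)
    return dos + PE_SIGNATURE + coff + b"\0" * SIZE_OF_OPTIONAL_HEADER + table + body


# Constructed samples: a plain image with low-entropy code and data, and a UPX-style layout whose
# compressed section is seeded pseudo-random bytes, so the result is reproducible offline.
_rng = random.Random(1234)
PLAIN_SECTIONS = [(b".text", bytes(range(16)) * 256, None), (b".data", b"A" * 2048, None)]
PACKED_SECTIONS = [
    (b"UPX0", b"", 0x20000),                                            # empty on disk, large in memory
    (b"UPX1", bytes(_rng.getrandbits(8) for _ in range(4096)), None),   # compressed payload stand-in
]

if __name__ == "__main__":
    for label, secs in (("plain", PLAIN_SECTIONS), ("packed", PACKED_SECTIONS)):
        result = analyze_packing(build_sample_pe(secs))
        print(label, "likely_packed =", result["likely_packed"])
        for reason in result["reasons"]:
            print("  ", reason)
```

Entropy alone misclassifies legitimately compressed resources and signed installers, which is why a sandbox pairs this static check with the behavioral, registry and network observations the abstract lists; the size-inflation rule catches stubs that keep their compressed payload small enough to stay under the entropy threshold.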