Modeling Evasive Malware Authoring Techniques

Malware has proliferated because of the ease with which it can be created, sourced, or purchased. Furthermore, with obfuscation, binding, and crypting tools widely accessible, infection has become widespread and effortless. While advanced persistent threats (APTs) use zero-day or near-zero-day malware, it has been observed that not all malware in the wild is zero-day or near-zero-day. Hence, in this paper our objectives are to (1) model the malware authoring process, (2) recreate that process by creating 18 malware samples using four different commonly used constructor (malware authoring) tools, (3) evaluate the detection rate, and (4) observe whether the OS defenses quarantine these payloads. Our process therefore involves malware creation, detection, infection, and analysis.