Malware Obfuscator for Malicious Executables
Computer viruses are a type of malware that has created threats to millions of computer systems connected over the Internet. Generally, all malicious programs try to exploit vulnerabilities to infect the system. A traditional signature-based scanner detects malicious samples by comparing them against a signature repository. The signature-based method can detect known malware but fails to detect variants of that malware. Malware writers make use of self-modifying code to replicate and thwart detection. This kind of malware is known as metamorphic malware and is very difficult to detect. Such malware uses code obfuscation techniques to generate new variants. Metamorphic malware uses an engine which changes the code by incorporating obfuscation methods such as junk code insertion, dead code insertion, instruction permutation, etc. In this research work, an assembly code morpher is designed which has the ability to morph malware source programs generated using malware constructors and viruses downloaded from VX Heavens. The proposed method also computes the similarity between base malware and its known variants.