论文信息 - Disabling Anti-Debugging Techniques for Unpacking System in User-level Debugger

Disabling Anti-Debugging Techniques for Unpacking System in User-level Debugger

E-mail attacks and spear phishing attacks, which have been pretended as corporations and civil servants, are occurring frequently. Phishing is used to steal user’s personal or financial information by redirecting users to web-sites hosted with malicious code. Malware is becoming more and more intelligent as it combines with social engineering techniques, causing damage to companies, organization, or users through e-mail or web sites. Attackers who create malware use a variety of techniques, such as disrupting and delaying analysis to increase malware’s life time. Anti-debugging techniques interferes with malware analysis and make it more difficult to analysis. We introduce five functions and one data structure that malware uses for anti-debugging techniques. We propose and verify a method for disabling anti-debugging techniques for such malware which have been protected by packing and anti-debugging techniques in user level debugger. This can be expected to make it easier for malware analysts to analyze malware that includes anti-debugging techniques.

Yang-Sae Moon | Jiwon Bang | Jong-Wouk Kim | Mi-Jung Choi

[1] Nirwan Ansari,et al. Revealing Packed Malware , 2008, IEEE Security & Privacy.

[2] Heejo Lee,et al. Generic unpacking using entropy analysis , 2010, 2010 5th International Conference on Malicious and Unwanted Software.

[3] Shang Gao,et al. Debugging classification and anti-debugging strategies , 2012, Other Conferences.

[4] Eul Gyu Im,et al. Evading Anti-debugging Techniques with Binary Substitution , 2014 .

[5] Eul Gyu Im,et al. Rule-based anti-anti-debugging system , 2013, RACS.

[6] Dragos Gavrilut,et al. Anti-emulation trends in modern packers: a survey on the evolution of anti-emulation techniques in UPA packers , 2018, Journal of Computer Virology and Hacking Techniques.

[7] Stephen Taylor,et al. Software Protection through Anti-Debugging , 2007, IEEE Security & Privacy.

[8] Jelena Mirkovic,et al. Hiding debuggers from malware with apate , 2017, SAC.

[9] Yang-seo Choi,et al. PE File Header Analysis-Based Packed PE File Detection Technique (PHAD) , 2008, International Symposium on Computer Science and its Applications.

[10] Gabriel Negreira Barbosa,et al. Scientific but Not Academical Overview of Malware Anti-Debugging , Anti-Disassembly and Anti-VM Technologies , 2012 .

[11] Tzi-cker Chiueh,et al. A Study of the Packer Problem and Its Solutions , 2008, RAID.

[12] Andrew Honig,et al. Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software , 2012 .