Ransomware Analysis Using Reverse Engineering
暂无分享,去创建一个
Ransomware threat continues to grow over years. The existing defense techniques for detecting malicious malware will never be sufficient because of Malware Persistence Techniques. Packed malware makes analysis harder & also it may sound like a trusted executable for evading modern antivirus. This paper focuses on the analysis part of few ransomware samples using different reverse engineering tools & techniques. There are many automated tools available for performing malware analysis, but reversing it manually helped to write two different patches for Wannacry ransomware. Execution of patched ransomware will not encrypt the user machine. Due to new advanced evading techniques like Anti-Virtual Machine (VM) & Anti-debugging, automated malware analysis tools will be less useful. The Application Programming Interface (API) calls which we used to create patch, were used to create Yara rule for detecting different variants of the same malware as well.
[1] T. Gireesh Kumar,et al. A Framework for Dynamic Malware Analysis Based on Behavior Artifacts , 2016, FICTA.
[2] Alexandre Gazet,et al. Comparative analysis of various ransomware virii , 2010, Journal in Computer Virology.
[3] Alessandro Barenghi,et al. ShieldFS: a self-healing, ransomware-aware filesystem , 2016, ACSAC.
[4] T. Gireesh Kumar,et al. Malware capturing and detection in dionaea honeypot , 2017, 2017 Innovations in Power and Advanced Computing Technologies (i-PACT).