Dynamic analysis of malicious code

Journal in Computer Virology

Volumn 2, Issue 1, 2006, Pages 67-77

  Bayer, Ulrich ^a   Moser, Andreas ^b   Kruegel, Christopher ^b   Kirda, Engin ^b  

^a Ikarus Software   (Austria)

^b VIENNA UNIVERSITY OF TECHNOLOGY   (Austria)

Author keywords

Analysis; API; Dynamic analysis; Malware; Static analysis; Virus worm

Indexed keywords

EID: 33748932391     PISSN: 17729890     EISSN: 17729904     Source Type: Journal    
DOI: 10.1007/s11416-006-0012-2     Document Type: Conference Paper

References (26)

1. Bellard, F.: Qemu, a fast and portable dynamic translator. In: Usenix Annual Technical Conference. 2005
2. Christodorcscu, M., Jha, S.: Static analysis of executables to detect malicious patterns. In: Usenix Security Symposium, 2003
3. Christodorescu, M., Jha, S., Seshia, S., Song, D., Bryant, R.: Semantics-aware mal ware detection. In: IEEE Symposium on Security and Privacy, 2005
4. Collberg, C.,Thomborson, C., Low, D.: Manufacturing cheap, resilient, and stealthy opaque constructs. In: Conference on Principles of Programming Languages (POPL). 1998
5. Computer Economics. Malware report 2005: the impact of malicious code attacks. 2006. http://www.computereconomics.com/ articlc.cfm?id=1090
6. Hunt, G., Brubachcr, D.: Detours: binary interception of Win32 functions. In: 3rd USENIX Windows NT Symposium, 1999
7. Kaspersky Lab: antivirus software, 2006. http://www. kaspersky.com/
8. Kruegel, C., Robertson, W., Vigna, G.: Detecting Kernel-level rootkits through binary analysis. In: Annual Computer Security Application Conference (ACSAC), 2004
9. Linn, C., Debray, S.: Obfuscation of executable code to improve resistance to static disassembly. In: ACM Conference on Computer and Communications Security (CCS), 2003
10. Windows Device Driver Kit 2003, 2006. http://www.microsoft.com/whdc/ devtools/ddk/
11. Microsoft IFS KIT, 2006. http://www.microsoft.com/whdc/ devtools/ifskit
12. Microsoft PECOFF. Microsoft Portable Executable and Common Object File Format Specification, 2006. http://www.microsoft.com/ whdc/system/platform/ firmware/PECOFF.mspx
13. Microsoft Platform SDK, 2006. http://www.microsoft.com/ msdownload/platfurmsdk/
14. Nebbett, G.: Windows NT/2000 Native API Reference. New Riders Publishing, indianapolis, 2000
15. Neitzel, M.St.: Analysis of win.32/sobery, 2005. http://www. eset.com/msgs/sober.htm
16. Oberhumer, M., Molnar, L.: UPX: Ultimate Packer for eXeculables. 2004. http://upx.sourceforge.net/
17. Robin, J., Irvine, C.: Analysis of the Intel Pentium's ability to supporta secure virtual machine monitor. In: Usenix Annual Technical Conference. 2000
18. Russinovich, M., Cogswell, B.: Freeware Sysinternals, 2006. http://www.sysinternals.com/
19. Russinovich, M., Solomon, D.: Microsoft Windows Internals: Windows Server 2003, Windows XP, and Windows 2000. Microsoft Press, Bellevue (2004)
20. Rutkowska, J.: Red pill... or how to detect VMM using (almost) one CPU instruction. 2006. http://invisiblethings.org/ papers/redpill.html
21. Symantec. Internet security threat report. 2005. http://www. symantec.com/enterprise/threatreport/index.jsp
22. Szor. P.: The Art of Computer Virus Research and Defense. Addison Wesley, Reading (2005)
23. Vasudevan, A., Yerraballi, R.: Stealth breakpoints. In: 21st Annual Computer Security Applications Conference. 2005
24. VMware: server and desktop virtualization, 2006. http://www.vmware.com/
25. Wang, C.: A security architecture for survivability mechanisms. PhD Thesis, University of Virginia (2001)
26. Yetiser, T.: Polymorphic Viruses - Implementation, detection, and protection. 1993. http://vx.netlux.org/lib/ayt01.html