Skip to content Home Contact Mobile MyRMIT Library A-Z
RMIT UniversityResearch Repository
 

An automatic anti-anti-VMware technique applicable for multi-stage packed malware

Sun, L, Ebringer, T and Boztas, S 2008, 'An automatic anti-anti-VMware technique applicable for multi-stage packed malware', in J. Nazario, J. Fernandez (ed.) Proceedings of Malware 2008 Conference, United States, 6 -7 October 2008, pp. 17-23.

Document type: Conference Paper
Collection: Conference Papers

Title An automatic anti-anti-VMware technique applicable for multi-stage packed malware
Author(s) Sun, L
Ebringer, T
Boztas, S
Year 2008
Conference name The Third Malicious and Unwanted Software Conference
Conference location United States
Conference dates 6 -7 October 2008
Proceedings title Proceedings of Malware 2008 Conference
Editor(s) J. Nazario, J. Fernandez
Publisher IEEE
Place of publication United States
Start page 17
End page 23
Total pages 7
Abstract The VMware Workstation virtualisation software is widely used by antivirus researchers for malware analysis. However, a large amount of current generation malware employs various anti-VMware techniques in order to resist analysis. To make things worse, these anti-VMware techniques are applied not only in the payload itself, but also in the runtime packer that is used to disguise the malicious code. Fortunately, at the present time, there is not a wide variety of anti-VMware methods in use, so the assembly code which describes the operation is quite characteristic. The issue therefore becomes exactly at what stage of the execution should one look for such code, since the actual anti-VMware code is normally heavily obfuscated. Sometimes it may only be decrypted shortly before it is executed. This paper shows that judicious automated control of a debugger can successfully be used to slither around anti-VMware detections even in sophisticated packers, such as Themida.
Subjects Computer System Security
Keyword(s) viruses
malware
packing
unpacking
ISBN 9781424432899
 
Versions
Version Filter Type
Citation counts: Scopus Citation Count Cited 2 times in Scopus Article | Citations
Access Statistics: 61 Abstract Views  -  Detailed Statistics
Created: Mon, 29 Aug 2011, 09:25:00 EST by Catalyst Administrator