Evading Malware Analysis Using Reverse Execution

Evading Malware Analysis Using Reverse Execution

Malware is a security threat, and various means are adapted to detect and block them. In this paper, we demonstrate a method where malware can evade malware analysis. The method is based on single-step reverse execution of code using the self-debugging feature. We discuss how self-debugging code wor...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:arXiv.org 2021-11
Hauptverfasser: Mishra, Adhokshaj, Roy, Animesh, Hanawal, Manjesh Kumar
Format: Artikel
Sprache:eng
Schlagworte:
Cybersecurity
Debugging
Malware
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Malware is a security threat, and various means are adapted to detect and block them. In this paper, we demonstrate a method where malware can evade malware analysis. The method is based on single-step reverse execution of code using the self-debugging feature. We discuss how self-debugging code works and use that to derive reverse execution for any payload. Further, we demonstrate the feasibility of a detection evading malware through a real implementation that targets Linux x86-64 architecture for a reference implementation. The reference implementation produces one result when run in one direction and a different result when run in the reverse direction.
ISSN:2331-8422