Automatic extraction of secrets from malware

Ziming Zhao; Gail-Joon Ahn; Hongxin Hu

doi:10.1109/WCRE.2011.27

Automatic extraction of secrets from malware

Ziming Zhao, Gail-Joon Ahn, Hongxin Hu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

4 Scopus citations

Abstract

As promising results have been obtained in defeating code obfuscation techniques, malware authors have adopted protection approaches to hide malware-related data from analysis. Consequently, the discovery of internal cipher text data in malware is now critical for malware forensics and cyber-crime analysis. In this paper, we present a novel approach to automatically extract secrets from malware. Our approach identifies and extracts binary code relevant to secret hiding behaviors. Then, we relocate and reuse the extracted binary code in a self-contained fashion to reveal hidden information. We demonstrate the feasibility of our approach through a proof-of-concept prototype called ASES (Automatic and Systematic Extraction of Secrets) along with experimental results.

Original language	English (US)
Title of host publication	Proceedings - 18th Working Conference on Reverse Engineering, WCRE 2011
Pages	159-168
Number of pages	10
DOIs	https://doi.org/10.1109/WCRE.2011.27
State	Published - Dec 19 2011
Event	18th Working Conference on Reverse Engineering, WCRE 2011 - Limerick, Ireland Duration: Oct 17 2011 → Oct 20 2011

Publication series

Name	Proceedings - Working Conference on Reverse Engineering, WCRE
ISSN (Print)	1095-1350

Other

Other	18th Working Conference on Reverse Engineering, WCRE 2011
Country/Territory	Ireland
City	Limerick
Period	10/17/11 → 10/20/11

ASJC Scopus subject areas

Software

Access to Document

10.1109/WCRE.2011.27

Cite this

@inproceedings{d336b787139d463891c3d0ae24bf3597,

title = "Automatic extraction of secrets from malware",

abstract = "As promising results have been obtained in defeating code obfuscation techniques, malware authors have adopted protection approaches to hide malware-related data from analysis. Consequently, the discovery of internal cipher text data in malware is now critical for malware forensics and cyber-crime analysis. In this paper, we present a novel approach to automatically extract secrets from malware. Our approach identifies and extracts binary code relevant to secret hiding behaviors. Then, we relocate and reuse the extracted binary code in a self-contained fashion to reveal hidden information. We demonstrate the feasibility of our approach through a proof-of-concept prototype called ASES (Automatic and Systematic Extraction of Secrets) along with experimental results.",

author = "Ziming Zhao and Gail-Joon Ahn and Hongxin Hu",

year = "2011",

month = dec,

day = "19",

doi = "10.1109/WCRE.2011.27",

language = "English (US)",

isbn = "9780769545820",

series = "Proceedings - Working Conference on Reverse Engineering, WCRE",

pages = "159--168",

booktitle = "Proceedings - 18th Working Conference on Reverse Engineering, WCRE 2011",

note = "18th Working Conference on Reverse Engineering, WCRE 2011 ; Conference date: 17-10-2011 Through 20-10-2011",

}

TY - GEN

T1 - Automatic extraction of secrets from malware

AU - Zhao, Ziming

AU - Ahn, Gail-Joon

AU - Hu, Hongxin

PY - 2011/12/19

Y1 - 2011/12/19

N2 - As promising results have been obtained in defeating code obfuscation techniques, malware authors have adopted protection approaches to hide malware-related data from analysis. Consequently, the discovery of internal cipher text data in malware is now critical for malware forensics and cyber-crime analysis. In this paper, we present a novel approach to automatically extract secrets from malware. Our approach identifies and extracts binary code relevant to secret hiding behaviors. Then, we relocate and reuse the extracted binary code in a self-contained fashion to reveal hidden information. We demonstrate the feasibility of our approach through a proof-of-concept prototype called ASES (Automatic and Systematic Extraction of Secrets) along with experimental results.

AB - As promising results have been obtained in defeating code obfuscation techniques, malware authors have adopted protection approaches to hide malware-related data from analysis. Consequently, the discovery of internal cipher text data in malware is now critical for malware forensics and cyber-crime analysis. In this paper, we present a novel approach to automatically extract secrets from malware. Our approach identifies and extracts binary code relevant to secret hiding behaviors. Then, we relocate and reuse the extracted binary code in a self-contained fashion to reveal hidden information. We demonstrate the feasibility of our approach through a proof-of-concept prototype called ASES (Automatic and Systematic Extraction of Secrets) along with experimental results.

UR - http://www.scopus.com/inward/record.url?scp=83455205901&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=83455205901&partnerID=8YFLogxK

U2 - 10.1109/WCRE.2011.27

DO - 10.1109/WCRE.2011.27

M3 - Conference contribution

AN - SCOPUS:83455205901

SN - 9780769545820

T3 - Proceedings - Working Conference on Reverse Engineering, WCRE

SP - 159

EP - 168

BT - Proceedings - 18th Working Conference on Reverse Engineering, WCRE 2011

T2 - 18th Working Conference on Reverse Engineering, WCRE 2011

Y2 - 17 October 2011 through 20 October 2011

ER -

Automatic extraction of secrets from malware

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this