Challenge One: Malware body isolation through tracing
Xiangyu Zhang, 9/5
I have received three proposals. They are listed as follows.
- Solution 2
I'm not sure how malware works. I'm assuming the first time it runs, the decryption engine decrypts the malicious code, and the second time it runs, the malicious code does the damage. So one way to extract it using Valgrind would be to run the code once through the decoder and write to disk the exact IR of the entire file. Now run the code once so the malware is decrypted. Running the code through the decoder a second time and checking the IR against what we expect should tell us where the malware is.
Solutions are anonymous. Feel free to review these solutions and post your comments.
I have received three more solutions.
Submission is closed and discussion is on.
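The snapshot comparison proposed in Solution 2, as an added example that is not part of the original thread: it diffs two snapshots of the same code region, taken before and after the decryptor has run, and reports the modified address ranges. It compares raw bytes rather than Valgrind IR (a simplifying assumption); the function names, the sample key and the load address are all constructed for illustration.

```python
from typing import List, Tuple

def changed_regions(before: bytes, after: bytes, base: int = 0,
                    max_gap: int = 8) -> List[Tuple[int, int]]:
    """Return [start, end) address ranges whose bytes differ between snapshots.

    Runs separated by at most max_gap unchanged bytes are merged, because a
    decrypted byte can coincidentally equal its encrypted value.
    """
    if len(before) != len(after):
        raise ValueError("snapshots must cover the same address range")
    regions: List[List[int]] = []
    for off, (b, a) in enumerate(zip(before, after)):
        if b == a:
            continue
        if regions and off - regions[-1][1] <= max_gap:
            regions[-1][1] = off + 1        # extend the current region
        else:
            regions.append([off, off + 1])  # start a new region
    return [(base + s, base + e) for s, e in regions]

def build_sample() -> Tuple[bytes, bytes, int]:
    """Constructed snapshots: 32-byte stub, 48-byte encoded body, 16-byte tail."""
    key = bytes([0x5A, 0x00, 0x3C])         # zero key byte leaves some bytes unchanged
    stub = bytes(range(0x10, 0x30))
    plain = bytes((i * 7 + 3) & 0xFF for i in range(48))
    tail = b"\x90" * 16
    encoded = bytes(p ^ key[i % len(key)] for i, p in enumerate(plain))
    before = stub + encoded + tail          # snapshot taken before the first run
    after = stub + plain + tail             # snapshot taken after the decryptor ran
    return before, after, 0x401000          # hypothetical load address

if __name__ == "__main__":
    before, after, base = build_sample()
    for start, end in changed_regions(before, after, base):
        print(f"modified: {start:#x}-{end:#x} ({end - start} bytes)")
```

With `max_gap=0` the same sample fragments into many small ranges, which is why a strict byte-for-byte comparison alone understates the extent of the decrypted body.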