Challenge One: Malware body isolation through tracing

Xiangyu Zhang, 9/5: I have received three proposals. They are listed as follows.

I'm not sure how malware works. I'm assuming the first time it runs, the
decryption engine decrypts the malicious code, and the second time it runs,
the malicious code does the damage. So one way to extract it using Valgrind
would be to run the code once through the decoder and write to disk the
exact IR of the entire file. Now run the code once so the malware is
decrypted. Running the code through the decoder a second time and checking
the IR against what we expect should tell us where the malware is.
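
The before/after comparison this proposal describes can be sketched as follows. This is an added example, not part of the original post or of any submission. The snapshot format (region base address mapped to the bytes captured there), all names and the sample data are assumptions constructed for illustration; it compares raw bytes and does not use Valgrind's IR.

```python
from typing import Dict, List, Tuple

# Hypothetical snapshot format: region base address -> bytes captured there.
Snapshot = Dict[int, bytes]


def flatten(snap: Snapshot) -> Dict[int, int]:
    """Expand every region into a per-address byte map."""
    return {base + i: b for base, data in snap.items() for i, b in enumerate(data)}


def changed_ranges(before: Snapshot, after: Snapshot, gap: int = 0) -> List[Tuple[int, int]]:
    """Return half-open [start, end) address ranges whose bytes differ between
    the two snapshots or exist in only one of them. Ranges separated by at
    most `gap` unchanged bytes are merged, because a decrypted byte can
    coincide with its encrypted value and fragment the result."""
    old, new = flatten(before), flatten(after)
    diff = sorted(a for a in old.keys() | new.keys() if old.get(a) != new.get(a))
    ranges: List[Tuple[int, int]] = []
    for addr in diff:
        if ranges and addr - ranges[-1][1] <= gap:
            ranges[-1] = (ranges[-1][0], addr + 1)   # extend the current range
        else:
            ranges.append((addr, addr + 1))          # start a new range
    return ranges


# Constructed sample: a 4-byte decoder stub followed by an 8-byte body that is
# XOR-encoded with a repeating key. The 0x00 key byte leaves every third body
# byte identical before and after decoding.
STUB = b"\xeb\x02\x90\x90"
BODY = b"\x55\x89\xe5\x31\xc0\xc9\xc3\x90"
KEY = b"\x41\x00\x13"
ENCODED = bytes(b ^ KEY[i % len(KEY)] for i, b in enumerate(BODY))

BEFORE: Snapshot = {0x1000: STUB + ENCODED}   # captured before the run
AFTER: Snapshot = {0x1000: STUB + BODY}       # captured after the decoder ran

if __name__ == "__main__":
    for g in (0, 1):
        found = [(hex(s), hex(e)) for s, e in changed_ranges(BEFORE, AFTER, gap=g)]
        print(f"gap={g}: {found}")
```

The decoder stub never appears in the result because its bytes are identical in both snapshots, and the last body byte is missed because it sits at the edge and did not change, so the reported ranges are a lower bound on the decoded body.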

Solutions are anonymous. Feel free to review these solutions and post your comments.

I have received three more solutions.

Submission is closed and discussion is on.

disst/challenge_one_malware_body_isolation_through_tracing.txt · Last modified: 2019/08/16 21:33 (external edit)