Presentation 2007-07-20
Exploring the required conditions for malware to run for behavior analysis
Yuji HOSHIZAWA, Kouichirou OKADA, Motoaki YAMAMURA, Takayoshi SHIIGI,
Abstract(in Japanese) (See Japanese page)
Abstract(in English) As a way of understanding the host or behavior of malware on the network, we run the malware in an isolated environment that doesn't affect other systems and monitor its behavior; this is called dynamic analysis. It is relatively easy to set up and yields a certain level of results quickly, because there are many tools that record access to the registry or files and capture network traffic. However, it is far from easy to analyze malware that works only under specific conditions, such as malware that changes its processing depending on the time and date or the day of the week, or that works only when particular files are present. In this paper, we consider a way of exploring the required conditions of malware automatically, to reduce analysis time and to improve the accuracy of the results of dynamic analysis.
Keyword(in Japanese) (See Japanese page)
Keyword(in English) Malware / Bot / Required conditions / Automation
Paper # ISEC2007-53
Date of Issue

Conference Information
Committee ISEC
Conference Date 2007/7/13 (1 day)
Place (in Japanese) (See Japanese page)
Place (in English)
Topics (in Japanese) (See Japanese page)
Topics (in English)
Chair
Vice Chair
Secretary
Assistant

Paper Information
Registration To Information Security (ISEC)
Language JPN
Title (in Japanese) (See Japanese page)
Sub Title (in Japanese) (See Japanese page)
Title (in English) Exploring the required conditions for malware to run for behavior analysis
Sub Title (in English)
Keyword(1) Malware
Keyword(2) Bot
Keyword(3) Required conditions
Keyword(4) Automation
1st Author's Name Yuji HOSHIZAWA
1st Author's Affiliation SecureBrain Corporation
2nd Author's Name Kouichirou OKADA
2nd Author's Affiliation SecureBrain Corporation
3rd Author's Name Motoaki YAMAMURA
3rd Author's Affiliation SecureBrain Corporation
4th Author's Name Takayoshi SHIIGI
4th Author's Affiliation Japan Computer Emergency Response Team Coordination Center
Date 2007-07-20
Paper # ISEC2007-53
Volume (vol) vol.107
Number (no) 141
Page pp.pp.-
#Pages 5
Date of Issue