| Presentation | 2014-06-06 Development of an Environment-independent Dynamic Analysis System for Document Malware Masaki KAMIZONO, Kazuki IWAMOTO, Takahiro KASAMA, Masashi ETO, Daisuke INOUE, Koji NAKAO, |
|---|---|
| PDF Download Page |  PDF download Page Link |
| Abstract(in Japanese) | (See Japanese page) |
| Abstract(in English) | As one of the countermeasures against malware, various dynamic analysis systems have been proposed, which perform their analyses by monitoring behavior of targeted malware. Usually, recent document malware employed by Advanced Persistent Threat (APT) exploit vulnerabilities of applications. Therefore, it is difficult to precisely analyze a malware if the analysis environment does not have adequate vulnerabilities that are targeted by the malware. However once an exploitation succeeded, an environment-independent shellcode is executed by the malware, which can be executed on any kinds of analysis environment. Based on this premise, this paper proposes an environment-independent document malware analysis system. The system finds out a start position of a shellcode embedded in a document malware and then generates a Portable Executable (PE) file which begins from the found start position of the shellcode in the original file. The generated executable is executed in the environment without steps of the vulnerability exploitation. |
| Keyword(in Japanese) | (See Japanese page) |
| Keyword(in English) | Document Type Malware / Vulnerability / Malware Dynamic Analysis / shellcode / Advanced Persistent Threat |
| Paper # | IA2014-6,ICSS2014-6 |
| Date of Issue |
| Conference Information | |
| Committee | IA |
|---|---|
| Conference Date | 2014/5/29(1days) |
| Place (in Japanese) | (See Japanese page) |
| Place (in English) | |
| Topics (in Japanese) | (See Japanese page) |
| Topics (in English) | |
| Chair | |
| Vice Chair | |
| Secretary | |
| Assistant | |
| Paper Information | |
| Registration To | Internet Architecture(IA) |
|---|---|
| Language | JPN |
| Title (in Japanese) | (See Japanese page) |
| Sub Title (in Japanese) | (See Japanese page) |
| Title (in English) | Development of an Environment-independent Dynamic Analysis System for Document Malware |
| Sub Title (in English) | |
| Keyword(1) | Document Type Malware |
| Keyword(2) | Vulnerability |
| Keyword(3) | Malware Dynamic Analysis |
| Keyword(4) | shellcode |
| Keyword(5) | Advanced Persistent Threat |
| 1st Author's Name | Masaki KAMIZONO |
| 1st Author's Affiliation | National Institute of Information and Communications Technology:Advanced Research Laboratory, Securebrain Corporation() |
| 2nd Author's Name | Kazuki IWAMOTO |
| 2nd Author's Affiliation | Advanced Research Laboratory, Securebrain Corporation |
| 3rd Author's Name | Takahiro KASAMA |
| 3rd Author's Affiliation | National Institute of Information and Communications Technology |
| 4th Author's Name | Masashi ETO |
| 4th Author's Affiliation | National Institute of Information and Communications Technology |
| 5th Author's Name | Daisuke INOUE |
| 5th Author's Affiliation | National Institute of Information and Communications Technology |
| 6th Author's Name | Koji NAKAO |
| 6th Author's Affiliation | National Institute of Information and Communications Technology |
| Date | 2014-06-06 |
| Paper # | IA2014-6,ICSS2014-6 |
| Volume (vol) | vol.114 |
| Number (no) | 70 |
| Page | pp.pp.- |
| #Pages | 6 |
| Date of Issue | |