Distributing The Reconstruction of High-Level Intermediate Representation for Large Scale Malware Analysis

by Rodrigo Branco, Gabriel Negreira Barbosa, Eugene Rodionov, Alexander Matrosov
Sept. 18, 2017 1 comment Black Hat belen_caty

Malware is acknowledged as an important threat and the number of new samples grows at an absurd pace. Additionally, targeted and so called advanced malware became the rule, not the exception. Analysts and companies use different degrees of automation to be able to handle the challenge, but there is always a gap. Reverse engineering is an even harder task due to the increased amount of work and the stricter time-frame to accomplish it. This has a direct impact on the investigative process and thus makes prevention of future threats more challenging. In this work, the authors discuss distributed reverse engineering techniques, using intermediate representation (thanks Hex-Rays team for support us in this research) in a clustered environment. The results presented demonstrate different uses for this kind of approach, for example to find algorithmic commonalities between malware families.


Steven Ulm 8 months, 1 week ago

Excellent article! Well written and researched! One of the reasons I come often to SecurityDocs :)