Title: WIN32 PE MALWARE AUTO-ANALYSIS USING KERNEL CALL-BACK MECHANISM
Author(s): JooHyung Oh, ChaeTae Im, Hyuncheol Jeong
ISBN: 978-972-8939-30-4
Editors: Hans Weghorn, Pedro Isaías and Radu Vasiu
Year: 2010
Edition: Single
Keywords: Malware, Malware Behavior Analysis, Kernel callback
Type: Poster/Demonstration
First Page: 284
Last Page: 286
Language: English
Paper Abstract:

Due to the growing number of unknown malware samples, malware auto-analysis is now an active research area, aimed at analysing collected malware and producing response signatures. Many hooking-based malware behavior analysis approaches have been proposed recently, but they cannot analyse rootkit-type malware that calls the kernel directly and avoids the Win32 API. Kernel-level API hooking can also cause other programs to crash or behave unexpectedly, and the large amount of injected code introduces performance issues. Therefore, we present an approach based on a kernel callback mechanism to analyse large volumes of malware samples in a short period of time. The callback mechanism provides a general way for drivers to request and receive notification when certain conditions are satisfied, such as a file being created or a registry entry being edited. There are no performance issues because the proposed callback-based analysis method can monitor behavior without injecting hooking code.