Static Analysis of the Disassembly against Malicious Code Obfuscated with Conditional Jumps

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Chao Dai Articles by Jianmin Pang Articles by Rongcai Zhao Articles by Xiaojun Ma

Seventh IEEE/ACIS International Conference on Computer and Information Science (icis 2008)

May 14-May 16

ISBN: 978-0-7695-3131-1

	ASCII Text	x
	Chao Dai, Jianmin Pang, Rongcai Zhao, Xiaojun Ma, "Static Analysis of the Disassembly against Malicious Code Obfuscated with Conditional Jumps," Computer and Information Science, ACIS International Conference on, pp. 525-530, Seventh IEEE/ACIS International Conference on Computer and Information Science (icis 2008), 2008.

	BibTex	x
	@article{ 10.1109/ICIS.2008.18, author = {Chao Dai and Jianmin Pang and Rongcai Zhao and Xiaojun Ma}, title = {Static Analysis of the Disassembly against Malicious Code Obfuscated with Conditional Jumps}, journal ={Computer and Information Science, ACIS International Conference on}, volume = {0}, year = {2008}, isbn = {978-0-7695-3131-1}, pages = {525-530}, doi = {http://doi.ieeecomputersociety.org/10.1109/ICIS.2008.18}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer and Information Science, ACIS International Conference on TI - Static Analysis of the Disassembly against Malicious Code Obfuscated with Conditional Jumps SN - 978-0-7695-3131-1 SP525 EP530 A1 - Chao Dai, A1 - Jianmin Pang, A1 - Rongcai Zhao, A1 - Xiaojun Ma, PY - 2008 KW - conditional jump KW - obfuscation KW - malicious codes KW - disassembly VL - 0 JA - Computer and Information Science, ACIS International Conference on ER -

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ICIS.2008.18

With the application of information technology and network, malicious codes have become a main threat to the computer security. In order to avoid being analyzed statically, malicious codes resort to various obfuscation techniques to hide themselves. Conditional jumps obfuscation is just such a kind of technique. In this paper, we introduce four forms of conditional jumps obfuscation which could confuse both of the two commonly used disassembly algorithms. Their basic idea is that two elaborate constructed conditional jump instructions are semantically equivalent to one unconditional jump. We propose a modified algorithm to crack the obfuscation. And we implement our idea in our reverse analysis tool Radux (Reverse Analysis for Detecting Unsafe eXecutables). Last we compare the disassembly output of Radux with objdump and IDApro. Relevant tests show that our implementation is effective.

Index Terms:

conditional jump, obfuscation, malicious codes, disassembly

Citation:

Chao Dai, Jianmin Pang, Rongcai Zhao, Xiaojun Ma, "Static Analysis of the Disassembly against Malicious Code Obfuscated with Conditional Jumps," icis, pp.525-530, Seventh IEEE/ACIS International Conference on Computer and Information Science (icis 2008), 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.