
Let's analyze malware with symbolic execution: a practical study

(2022)

Files

Lucca_29541700_2022.pdf
  • Open access
  • Adobe PDF
  • 1.48 MB

Details

Abstract
Malware is constantly on the rise, and its ability to evade analysis improves every day. New tools and techniques are needed to detect and classify the large number of malware samples that appear every day. In this context, the SEMA Toolchain was created to apply symbolic execution to malware samples in order to build a system call dependency graph that can be used as a signature to classify them. The goal of this work is to use the SEMA Toolchain to perform an in-depth analysis of some RAT samples. RATs are a type of malware that presents a variety of malicious features. A RAT is controlled by a command and control server, which sends commands asking for a specific feature to be executed. We explain in detail the process of applying this type of analysis to two RAT samples. We also apply symbolic execution to another sample to demonstrate the effectiveness of this type of analysis against anti-dynamic-analysis techniques. Finally, we present our thoughts and suggestions on automating this kind of analysis so that a larger number of samples can be processed.