Describe one way that Polymorphic Viruses in x86 executables could be detected using Cifuentes and Gough's decompiler
Abstract

Apart from code maintenance, a decompiler can be used as a tool to detect viruses in binary programs. In this paper, the detection of a DOS-based polymorphic virus in x86 executables using the decompiler will be presented. Starting in the front-end module of the decompiler, the parser, the disassembler and the signature generator will facilitate the decompilation by flagging suspicious machine code while the intermediate code and the control flow graph are generated. Data flow analysis and control flow analysis will then be done in the UDM (Universal Decompiling Machine) phase. In addition, the malicious code can be extracted with a program-slicing algorithm, and the control flow graph will be modified to facilitate code generation in the back-end module. Variables and procedures will be renamed, and the malicious behaviour found will be reported as comments within each procedure to reveal the structure and behaviour of the virus.
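The following is an added example, not code from the paper or from the dcc decompiler, showing in miniature the front-end flow the abstract describes for a DOS .COM-style image loaded at offset 0x100: linear-sweep disassembly into intermediate instructions, loop recovery from the control flow graph (back edges), a small reaching-definitions pass over the loop prologue, a semantic (not byte-pattern) signature for a self-decrypting loop, and a slice of that loop replayed to recover the encrypted body. The opcode subset, the two decryptor stubs and the plaintext body are all constructed for the example; the stubs are deliberately different in registers, key and padding so that their byte signatures differ while the semantic signature still fires on both.

```python
"""Toy front end in the spirit of the abstract's pipeline (added example, not the
paper's code). Opcode coverage is limited to what the constructed samples use;
anything else decodes as 'db', which is what a linear sweep does when it meets data."""
from dataclasses import dataclass

REG16 = ["ax", "cx", "dx", "bx", "sp", "bp", "si", "di"]
REG8 = ["al", "cl", "dl", "bl", "ah", "ch", "dh", "bh"]
PTR_RM = {4: "si", 5: "di", 7: "bx"}               # ModRM mod=00 forms [si], [di], [bx]
JUMPS = {0xE2: "loop", 0x75: "jnz", 0xEB: "jmp"}    # rel8 branches


@dataclass
class Insn:
    addr: int
    size: int
    op: str
    args: tuple = ()


def decode(image: bytes, base: int) -> list[Insn]:
    """Linear-sweep disassembler producing the intermediate instruction list."""
    out, i = [], 0
    while i < len(image):
        a, b, rest = base + i, image[i], image[i + 1:]
        modrm = rest[0] if rest else None
        if 0xB8 <= b <= 0xBF and len(rest) >= 2:                         # mov r16, imm16
            ins = Insn(a, 3, "mov", (REG16[b - 0xB8], int.from_bytes(rest[:2], "little")))
        elif 0xB0 <= b <= 0xB7 and rest:                                  # mov r8, imm8
            ins = Insn(a, 2, "mov", (REG8[b - 0xB0], rest[0]))
        elif 0x40 <= b <= 0x47:                                           # inc r16
            ins = Insn(a, 1, "inc", (REG16[b - 0x40],))
        elif 0x48 <= b <= 0x4F:                                           # dec r16
            ins = Insn(a, 1, "dec", (REG16[b - 0x48],))
        elif b == 0x30 and modrm is not None and modrm >> 6 == 0 and modrm & 7 in PTR_RM:
            ins = Insn(a, 2, "xor", (("mem", PTR_RM[modrm & 7]), REG8[(modrm >> 3) & 7]))
        elif (b == 0x80 and len(rest) >= 2 and modrm >> 6 == 0
              and (modrm >> 3) & 7 == 6 and modrm & 7 in PTR_RM):        # 80 /6 ib = xor m8, imm8
            ins = Insn(a, 3, "xor", (("mem", PTR_RM[modrm & 7]), rest[1]))
        elif b in JUMPS and rest:
            rel = rest[0] - 256 if rest[0] > 127 else rest[0]
            ins = Insn(a, 2, JUMPS[b], (a + 2 + rel,))
        elif b == 0x90:
            ins = Insn(a, 1, "nop")
        elif b == 0xC3:
            ins = Insn(a, 1, "ret")
        else:
            ins = Insn(a, 1, "db", (b,))
        out.append(ins)
        i += ins.size
    return out


def find_loops(insns):
    """Back edges of the CFG: a counted branch whose target lies at or before it.
    The body is the region between target and branch (single-exit loops only)."""
    addrs = {i.addr for i in insns}
    return [[i for i in insns if br.args[0] <= i.addr <= br.addr]
            for br in insns if br.op in ("loop", "jnz")
            and br.args[0] <= br.addr and br.args[0] in addrs]


def find_decryptor(insns, base, size):
    """Semantic signature: a loop that XORs memory through a pointer register which
    is initialised before the loop to an address inside this image and advanced
    inside it. No byte pattern is consulted, so re-encoded stubs still match."""
    for body in find_loops(insns):
        writes = [i for i in body if i.op == "xor" and isinstance(i.args[0], tuple)]
        if not writes:
            continue
        ptr, operand = writes[0].args[0][1], writes[0].args[1]
        if not any(i.op == "inc" and i.args == (ptr,) for i in body):
            continue
        # reaching definitions over the straight-line prologue: last mov into each register
        defs = {i.args[0]: i.args[1] for i in insns if i.addr < body[0].addr and i.op == "mov"}
        start, count = defs.get(ptr), defs.get("cx")
        key = defs.get(operand) if isinstance(operand, str) else operand
        if start is None or not base <= start < base + size or key is None or count is None:
            continue
        return {"loop_at": body[0].addr, "ptr": ptr, "start": start, "count": count, "key": key}
    return None


def extract_payload(image, base, hit):
    """Slice of the decryptor reduced to its effect: replay the XOR over the
    range it covers so the hidden body can be disassembled in the clear."""
    off = hit["start"] - base
    return bytes(b ^ hit["key"] for b in image[off:off + hit["count"]])


def annotate(hit):
    """The comment a back end could emit at the head of the flagged procedure."""
    return ("; decryptor loop at %04X: xor byte [%s], %02Xh over %d bytes from %04X"
            % (hit["loop_at"], hit["ptr"], hit["key"], hit["count"], hit["start"]))


# Constructed samples: one plaintext body, two polymorphic decryptor stubs (not real malware).
BASE = 0x100                                  # .COM load offset
PAYLOAD = bytes.fromhex("B4 4C CD 21 C3")     # mov ah,4Ch / int 21h / ret, a stand-in body


def _enc(key):
    return bytes(b ^ key for b in PAYLOAD)


# mov si,010Ch / mov cx,5 / xor byte [si],5Ah / inc si / loop 0106h
VARIANT_A = bytes.fromhex("BE 0C 01  B9 05 00  80 34 5A  46  E2 FA") + _enc(0x5A)
# nop / mov di,0110h / mov al,33h / mov cx,5 / xor [di],al / inc di / nop / dec cx / jnz 0109h
VARIANT_B = bytes.fromhex("90  BF 10 01  B0 33  B9 05 00  30 05  47  90  49  75 F9") + _enc(0x33)

if __name__ == "__main__":
    for name, img in (("A", VARIANT_A), ("B", VARIANT_B)):
        hit = find_decryptor(decode(img, BASE), BASE, len(img))
        print(name, "bytes:", img[:6].hex(), "|", annotate(hit), "| body:", extract_payload(img, BASE, hit).hex())
```

The first six bytes of the two images share nothing, which is why a fixed byte signature cannot cover both, yet `find_decryptor` reports the same behaviour for each (a counted XOR sweep over the image's own bytes) with the variant's own key, pointer register and range, and `extract_payload` yields the identical plaintext body from both. A real front end would need a complete decoder, a proper CFG with multi-exit loops, and a data-flow pass that handles definitions reached through more than one path; the shape of the check is the same.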