Obfuscation procedure based on the insertion of the dead code in the crypter by binary search

Cristian Barría Huidobro; David Cordero; Claudio Cubillos; Héctor Allende Cid; Claudio Casado Bárragan

doi:10.1109/ICCCC.2018.8390457

Obfuscation procedure based on the insertion of the dead code in the crypter by binary search

Cristian Barría Huidobro, David Cordero, Claudio Cubillos, Héctor Allende Cid, Claudio Casado Bárragan

SCHOOL OF COMPUTER ENGINEERING

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Scopus citations

Abstract

What threatens the cyberspace is known as malware, which in order to infect the technological devices, it has to be capable of bypassing the antivirus motor. To avoid the antivirus detection, the malicious code requires to be updated and have undergone an obfuscation process. However, the problem of the updating is to consider that the malware maintains its functionality based on its specific characteristics, and also to be checked by specilized informatic resources. For the aforementioned, this paper proposes a procedure that allows to apply the AVFUCKER, DSPLIT, and Binary Division techniques with the aim of optimizing the necessary technological resources, and reducing the time of analysis of the malware's functionality and the evasion of the antivirus.

Original language	English
Title of host publication	2018 7th International Conference on Computers Communications and Control, ICCCC 2018 - Proceedings
Editors	Florin Gheorghe Filip, Domnica Dzitac, Ioan Dzitac, Misu-Jan Manolescu, Simona Dzitac, Horea Oros
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	183-192
Number of pages	10
ISBN (Electronic)	9781538619346
DOIs	https://doi.org/10.1109/ICCCC.2018.8390457
State	Published - 19 Jun 2018
Event	7th International Conference on Computers Communications and Control, ICCCC 2018 - Oradea, Romania Duration: 8 May 2018 → 12 May 2018

Publication series

Name	2018 7th International Conference on Computers Communications and Control, ICCCC 2018 - Proceedings

Conference

Conference	7th International Conference on Computers Communications and Control, ICCCC 2018
Country/Territory	Romania
City	Oradea
Period	8/05/18 → 12/05/18

Keywords

AvFucker
Dsplit
Malware
antivirus
cyberspace
evasion
obfuscation techniques

Access to Document

10.1109/ICCCC.2018.8390457

Cite this

Huidobro, C. B., Cordero, D., Cubillos, C., Cid, H. A., & Bárragan, C. C. (2018). Obfuscation procedure based on the insertion of the dead code in the crypter by binary search. In F. G. Filip, D. Dzitac, I. Dzitac, M-J. Manolescu, S. Dzitac, & H. Oros (Eds.), 2018 7th International Conference on Computers Communications and Control, ICCCC 2018 - Proceedings (pp. 183-192). (2018 7th International Conference on Computers Communications and Control, ICCCC 2018 - Proceedings). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICCCC.2018.8390457

Huidobro, Cristian Barría ; Cordero, David ; Cubillos, Claudio et al. / Obfuscation procedure based on the insertion of the dead code in the crypter by binary search. 2018 7th International Conference on Computers Communications and Control, ICCCC 2018 - Proceedings. editor / Florin Gheorghe Filip ; Domnica Dzitac ; Ioan Dzitac ; Misu-Jan Manolescu ; Simona Dzitac ; Horea Oros. Institute of Electrical and Electronics Engineers Inc., 2018. pp. 183-192 (2018 7th International Conference on Computers Communications and Control, ICCCC 2018 - Proceedings).

@inproceedings{c32d92f5789f41029070a5d53237e7cf,

title = "Obfuscation procedure based on the insertion of the dead code in the crypter by binary search",

abstract = "What threatens the cyberspace is known as malware, which in order to infect the technological devices, it has to be capable of bypassing the antivirus motor. To avoid the antivirus detection, the malicious code requires to be updated and have undergone an obfuscation process. However, the problem of the updating is to consider that the malware maintains its functionality based on its specific characteristics, and also to be checked by specilized informatic resources. For the aforementioned, this paper proposes a procedure that allows to apply the AVFUCKER, DSPLIT, and Binary Division techniques with the aim of optimizing the necessary technological resources, and reducing the time of analysis of the malware's functionality and the evasion of the antivirus.",

keywords = "AvFucker, Dsplit, Malware, antivirus, cyberspace, evasion, obfuscation techniques",

author = "Huidobro, {Cristian Barr{\'i}a} and David Cordero and Claudio Cubillos and Cid, {H{\'e}ctor Allende} and B{\'a}rragan, {Claudio Casado}",

note = "Publisher Copyright: {\textcopyright} 2018 IEEE.; 7th International Conference on Computers Communications and Control, ICCCC 2018 ; Conference date: 08-05-2018 Through 12-05-2018",

year = "2018",

month = jun,

day = "19",

doi = "10.1109/ICCCC.2018.8390457",

language = "English",

series = "2018 7th International Conference on Computers Communications and Control, ICCCC 2018 - Proceedings",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "183--192",

editor = "Filip, {Florin Gheorghe} and Domnica Dzitac and Ioan Dzitac and Misu-Jan Manolescu and Simona Dzitac and Horea Oros",

booktitle = "2018 7th International Conference on Computers Communications and Control, ICCCC 2018 - Proceedings",

}

Huidobro, CB, Cordero, D, Cubillos, C, Cid, HA & Bárragan, CC 2018, Obfuscation procedure based on the insertion of the dead code in the crypter by binary search. in FG Filip, D Dzitac, I Dzitac, M-J Manolescu, S Dzitac & H Oros (eds), 2018 7th International Conference on Computers Communications and Control, ICCCC 2018 - Proceedings. 2018 7th International Conference on Computers Communications and Control, ICCCC 2018 - Proceedings, Institute of Electrical and Electronics Engineers Inc., pp. 183-192, 7th International Conference on Computers Communications and Control, ICCCC 2018, Oradea, Romania, 8/05/18. https://doi.org/10.1109/ICCCC.2018.8390457

Obfuscation procedure based on the insertion of the dead code in the crypter by binary search. / Huidobro, Cristian Barría; Cordero, David; Cubillos, Claudio et al.
2018 7th International Conference on Computers Communications and Control, ICCCC 2018 - Proceedings. ed. / Florin Gheorghe Filip; Domnica Dzitac; Ioan Dzitac; Misu-Jan Manolescu; Simona Dzitac; Horea Oros. Institute of Electrical and Electronics Engineers Inc., 2018. p. 183-192 (2018 7th International Conference on Computers Communications and Control, ICCCC 2018 - Proceedings).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Obfuscation procedure based on the insertion of the dead code in the crypter by binary search

AU - Huidobro, Cristian Barría

AU - Cordero, David

AU - Cubillos, Claudio

AU - Cid, Héctor Allende

AU - Bárragan, Claudio Casado

PY - 2018/6/19

Y1 - 2018/6/19

N2 - What threatens the cyberspace is known as malware, which in order to infect the technological devices, it has to be capable of bypassing the antivirus motor. To avoid the antivirus detection, the malicious code requires to be updated and have undergone an obfuscation process. However, the problem of the updating is to consider that the malware maintains its functionality based on its specific characteristics, and also to be checked by specilized informatic resources. For the aforementioned, this paper proposes a procedure that allows to apply the AVFUCKER, DSPLIT, and Binary Division techniques with the aim of optimizing the necessary technological resources, and reducing the time of analysis of the malware's functionality and the evasion of the antivirus.

AB - What threatens the cyberspace is known as malware, which in order to infect the technological devices, it has to be capable of bypassing the antivirus motor. To avoid the antivirus detection, the malicious code requires to be updated and have undergone an obfuscation process. However, the problem of the updating is to consider that the malware maintains its functionality based on its specific characteristics, and also to be checked by specilized informatic resources. For the aforementioned, this paper proposes a procedure that allows to apply the AVFUCKER, DSPLIT, and Binary Division techniques with the aim of optimizing the necessary technological resources, and reducing the time of analysis of the malware's functionality and the evasion of the antivirus.

KW - AvFucker

KW - Dsplit

KW - Malware

KW - antivirus

KW - cyberspace

KW - evasion

KW - obfuscation techniques

UR - http://www.scopus.com/inward/record.url?scp=85050106981&partnerID=8YFLogxK

U2 - 10.1109/ICCCC.2018.8390457

DO - 10.1109/ICCCC.2018.8390457

M3 - Conference contribution

AN - SCOPUS:85050106981

T3 - 2018 7th International Conference on Computers Communications and Control, ICCCC 2018 - Proceedings

SP - 183

EP - 192

BT - 2018 7th International Conference on Computers Communications and Control, ICCCC 2018 - Proceedings

A2 - Filip, Florin Gheorghe

A2 - Dzitac, Domnica

A2 - Dzitac, Ioan

A2 - Manolescu, Misu-Jan

A2 - Dzitac, Simona

A2 - Oros, Horea

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 7th International Conference on Computers Communications and Control, ICCCC 2018

Y2 - 8 May 2018 through 12 May 2018

ER -

Huidobro CB, Cordero D, Cubillos C, Cid HA, Bárragan CC. Obfuscation procedure based on the insertion of the dead code in the crypter by binary search. In Filip FG, Dzitac D, Dzitac I, Manolescu M-J, Dzitac S, Oros H, editors, 2018 7th International Conference on Computers Communications and Control, ICCCC 2018 - Proceedings. Institute of Electrical and Electronics Engineers Inc. 2018. p. 183-192. (2018 7th International Conference on Computers Communications and Control, ICCCC 2018 - Proceedings). doi: 10.1109/ICCCC.2018.8390457

Obfuscation procedure based on the insertion of the dead code in the crypter by binary search

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this