Building an Automated Deobfuscation System that Integrates Multiple Deobfuscation Tools (preliminary version)
Abstract
The main purpose of program obfuscation is to protect the security of a program’s source code and prevent its misuse. However, attackers can also exploit obfuscation to make analysis and detection of their own programs more difficult. Therefore, it is necessary to deobfuscate the source code during analysis; however, the numerous obfuscation methods available make deobfuscation challenging. In this paper, we aim to build an automated system that integrates deobfuscation tools for multiple obfuscation methods. Our system combines a detection tool for malicious JavaScript files, a deobfuscation tool for JavaScript, a deobfuscation tool for XOR obfuscation, and a deobfuscation tool for Portable Executable (PE) files in order to achieve detection and deobfuscation. Our results confirm the detection of malicious JavaScript files and the deobfuscation of obfuscated files, while for PE files, we verified deobfuscation at the same level as the source code. The implementation of this system enables efficient deobfuscation of numerous obfuscated programs.
Keywords
Deobfuscation; Automated System; XOR; Packer; JavaScript