Abstract: Recent technological advances such as 5G networks and the Internet of Things will bring forth a new era of applications that exploit those assets. Hence the protection of the computer systems that run those applications becomes of paramount importance. Malware continues to be an ever-increasing threat to that task, mainly because of its authors' ability to adapt it to a hostile environment. Code obfuscation is one such technique: it makes malware difficult to detect and its behavior difficult to analyze. In this diploma thesis the Ghidra reverse engineering framework was used to analyze real-world malware samples and to test some heuristic methods that can detect basic forms of obfuscation such as control flow flattening, instruction overlapping and code bloating. These methods were successful in detecting complex code parts that share similar patterns with obfuscated code, but more sophisticated algorithms are needed for more advanced obfuscation techniques. As a result, a script was written using the Ghidra API that bundles those algorithms and aims to help reverse engineers who analyze malware easily find complex and obfuscated code parts that may need detailed attention.
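As an added illustration of the kind of control-flow-flattening heuristic the abstract refers to (this is example code written for this page, not the thesis's Ghidra script): it runs over a constructed control-flow graph given as a plain dictionary of block address to successor addresses, standing in for what Ghidra's basic-block model would provide, and the fan-in, fan-out and back-edge thresholds are assumed values.

```python
from collections import Counter

# Constructed sample CFGs (not taken from any real binary): block address -> successors.
# FLATTENED models a function after control-flow flattening: every original block has
# been rewired to return to one central dispatcher block (0x1010) that picks the next
# block from a state variable.
FLATTENED = {
    0x1000: [0x1010],                                  # prologue, initialises the state
    0x1010: [0x1020, 0x1030, 0x1040, 0x1050, 0x1060],  # dispatcher: switch on the state
    0x1020: [0x1010],
    0x1030: [0x1010],
    0x1040: [0x1010],
    0x1050: [0x1010],
    0x1060: [0x1070],                                  # final case leaves the state machine
    0x1070: [],                                        # epilogue
}

# NORMAL models an ordinary if/else inside a loop; it must not trigger the heuristic.
NORMAL = {
    0x2000: [0x2010, 0x2020],
    0x2010: [0x2030],
    0x2020: [0x2030],
    0x2030: [0x2000, 0x2040],
    0x2040: [],
}


def in_degrees(cfg):
    """Count how many blocks branch to each block (fan-in)."""
    counts = Counter()
    for succs in cfg.values():
        counts.update(succs)
    return counts


def find_dispatchers(cfg, min_fan_in=4, min_fan_out=4, min_back_ratio=0.75):
    """Return blocks that look like a flattening dispatcher.

    Assumed heuristic: a dispatcher has both high fan-in and high fan-out, and most of
    its successors transfer control straight back to it. A hand-written switch also has
    high fan-out, but its cases normally continue forward instead of looping back.
    """
    fan_in = in_degrees(cfg)
    found = []
    for block, succs in cfg.items():
        if len(succs) < min_fan_out or fan_in[block] < min_fan_in:
            continue
        back_edges = sum(1 for s in succs if block in cfg.get(s, []))
        if back_edges / len(succs) >= min_back_ratio:
            found.append(block)
    return found


def is_flattened(cfg):
    """True when at least one dispatcher-like block is present."""
    return bool(find_dispatchers(cfg))
```

Real flattened code often splits the dispatcher into a chain of compare blocks, so a production script would merge such chains into one logical dispatcher before applying the degree check.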