Corpus ID: 3843752

HookFinder: Identifying and Understanding Malware Hooking Behaviors

  title={HookFinder: Identifying and Understanding Malware Hooking Behaviors},
  author={Heng Yin and Zhenkai Liang and D. Song},
  • Heng Yin, Zhenkai Liang, D. Song
  • Published in NDSS 2008
  • Computer Science
  • Installing various hooks into the victim system is an important attacking strategy employed by malware, including spyware, rootkits, stealth backdoors, and others. In order to defeat existing hook detectors, malware writers keep exploring new hooking mechanisms. However, the current malware analysis procedure is painstaking, mostly manual and error-prone. In this paper, we propose the first systematic approach for automatically identifying hooks and extracting hooking mechanisms. We propose a… CONTINUE READING
    144 Citations
    HookTracer: A System for Automated and Accessible API Hooks Analysis
    • 3
    • PDF
    K-Tracer: A System for Extracting Kernel Malware Behavior
    • 111
    • Highly Influenced
    • PDF
    Identifying Rootkit Infections Using Data Mining
    • 10
    • PDF
    Detection of Stealth Process using Hooking
    Evasion-resistant malware signature based on profiling kernel data structure objects
    • 13
    • PDF
    Countering kernel rootkits with lightweight hook protection
    • 221
    • PDF
    A Framework for Analysis and Comparison of Dynamic Malware Analysis Tools
    • 11
    • PDF


    Cobra: fine-grained malware analysis using stealth localized-executions
    • 99
    • PDF
    Exploring Multiple Execution Paths for Malware Analysis
    • 530
    • PDF
    Dynamic Spyware Analysis
    • 242
    • PDF
    Renovo: a hidden code extractor for packed executables
    • 290
    • PDF