Rotalumè: A Tool for Automatic Reverse Engineering of Malware Emulators

@inproceedings{Sharif2009RotalumA,
  title={Rotalum{\`e} : A Tool for Automatic Reverse Engineering of Malware Emulators},
  author={Monirul Sharif and Andrea Lanzi and Jonathon Giffin and Wenke Lee},
  year={2009}
}
Malware authors have recently begun using emulation technology to obfuscate their code. They convert native malware binaries into bytecode programs written in a randomly generated instruction set and paired with a native binary emulator that interprets the bytecode. No existing malware analysis can reliably reverse this obfuscation technique. In this paper, we present the first work in automatic reverse engineering of malware emulators. Our algorithms are based on dynamic analysis. We execute…