artsem 0.0.43
ARTSEM: Anti-Reversing Trace Scanner for ELF Malware
Note: although "Malware" appears in the name, the tool can be used on any Linux executable, whatever its purpose.
Table of Contents
Description
Installation
The dataset
Roadmap
License
Description
This project aims to create an automated tool able to detect which anti-analysis techniques have been applied to a binary.
First we will analyze some techniques (anti-debugging, anti-disassembly, etc.) and the differences they produce in the binaries when they are used.
Then, we will look for traces, patterns and other evidence that allow us to detect the usage of anti-analysis features.
Finally, we will use the tool on a real ELF malware dataset, to see which of these techniques are used in the wild and how often.
Installation
pip install artsem
The dataset
The malware samples that make up the dataset have been obtained from the following sources. Thanks to you all.
Vx-Underground
Malware Bazaar
Malware Samples
Virus Share
Virus Sign
Contagio Dump
Virus Total
Roadmap
Milestone 1
Generate a (test) dataset from known sources (e.g. 'ls'). To do so, compile the selected program with different flags and analyze the differences between all the binaries generated.
Milestone 2
Create a script able to detect the usage of different anti-analysis techniques. It will run different tests on compiled binaries, looking for possible traces left by the usage of these techniques.
Milestone 3
Use the script with the malware dataset
Milestone 4
Analyze the results. Which techniques were easier to spot? Which ones were more difficult? Are there false positives?
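As an added example (not artsem's own code, nor a description of how artsem works), here is the kind of check the Description and Milestone 2 describe: a small Python scanner that parses the section headers of a 64-bit little-endian ELF, extracts its .dynstr/.strtab string tables, and flags symbol names commonly associated with anti-debugging code. The list of suspect names, the technique labels, and the helper that builds a minimal in-memory ELF as constructed test input are all assumptions made for this example; the page does not say which traces artsem looks for.

```python
"""Hypothetical anti-analysis trace scanner (added example, not artsem's code)."""
import struct
import sys

ELF_MAGIC = b"\x7fELF"
SHT_NOBITS = 8
SHT_STRTAB = 3

# Assumption for this example: symbol names whose presence in a string table
# is a plausible trace of anti-debugging code. artsem's own list may differ.
SUSPECT_NAMES = {
    "ptrace": "anti-debugging (ptrace self-trace)",
    "prctl": "anti-debugging/anti-dumping (prctl)",
}


def parse_sections(data: bytes):
    """Return a list of (section_name, section_bytes) for an ELF64 LE image."""
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("this example only handles ELF64 little-endian")
    # Elf64_Ehdr after e_ident: e_type e_machine e_version e_entry e_phoff
    # e_shoff e_flags e_ehsize e_phentsize e_phnum e_shentsize e_shnum e_shstrndx
    hdr = struct.unpack_from("<HHIQQQIHHHHHH", data, 16)
    e_shoff, e_shentsize, e_shnum, e_shstrndx = hdr[5], hdr[10], hdr[11], hdr[12]
    # Elf64_Shdr: sh_name sh_type sh_flags sh_addr sh_offset sh_size
    # sh_link sh_info sh_addralign sh_entsize
    shdrs = [struct.unpack_from("<IIQQQQIIQQ", data, e_shoff + i * e_shentsize)
             for i in range(e_shnum)]
    shstr = shdrs[e_shstrndx]
    shstrtab = data[shstr[4]:shstr[4] + shstr[5]]
    sections = []
    for sh_name, sh_type, _, _, sh_offset, sh_size, *_ in shdrs:
        name = shstrtab[sh_name:shstrtab.index(b"\0", sh_name)].decode()
        body = b"" if sh_type == SHT_NOBITS else data[sh_offset:sh_offset + sh_size]
        sections.append((name, body))
    return sections


def scan_string_tables(data: bytes) -> dict:
    """Map each suspect name found in .dynstr/.strtab to its technique label."""
    hits = {}
    for name, body in parse_sections(data):
        if name not in (".dynstr", ".strtab"):
            continue
        for entry in body.split(b"\0"):
            key = entry.decode(errors="replace")
            if key in SUSPECT_NAMES:
                hits[key] = SUSPECT_NAMES[key]
    return hits


def build_test_elf(dynstr_names) -> bytes:
    """Constructed test input: a minimal, non-runnable ELF64 with only a
    .dynstr section (SHT_STRTAB) and the section-name table."""
    dynstr = b"\0" + b"\0".join(n.encode() for n in dynstr_names) + b"\0"
    shstrtab = b"\0.dynstr\0.shstrtab\0"  # ".dynstr" at 1, ".shstrtab" at 9
    ehsize = 64
    dynstr_off = ehsize
    shstr_off = dynstr_off + len(dynstr)
    shoff = (shstr_off + len(shstrtab) + 7) & ~7  # 8-byte align the table
    e_ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\0" * 8  # ELF64, LE, v1
    ehdr = e_ident + struct.pack("<HHIQQQIHHHHHH",
                                 1, 62, 1, 0, 0, shoff, 0, ehsize, 0, 0, 64, 3, 2)
    image = ehdr + dynstr + shstrtab
    image += b"\0" * (shoff - len(image))

    def shdr(name_off, sh_type, off, size):
        return struct.pack("<IIQQQQIIQQ", name_off, sh_type, 0, 0, off, size, 0, 0, 1, 0)

    image += shdr(0, 0, 0, 0)                              # SHT_NULL
    image += shdr(1, SHT_STRTAB, dynstr_off, len(dynstr))  # .dynstr
    image += shdr(9, SHT_STRTAB, shstr_off, len(shstrtab))  # .shstrtab
    return image


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, scan_string_tables(f.read()))
```

Run it as `python scanner.py /path/to/binary` to print the hits per file. A string-table hit only shows that the binary references the name; it is a trace, not proof, which is exactly the false-positive question Milestone 4 raises (a legitimate debugger or sandbox also imports ptrace). Static analysis like this also misses code that reaches the syscall directly instead of through a libc symbol, so a fuller detector would have to inspect the code sections as well.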
License
artsem is distributed under the terms of the MIT license.