artsem 0.0.43

Creator: bradpython12


ARTSEM: Anti-Reversing Trace Scanner for ELF Malware

Note: Although "Malware" is part of the name, the tool can be used on any Linux ELF executable, whatever its purpose.

Table of Contents

Description
Installation
The dataset
Roadmap
License


Description
This project aims to create an automated tool able to detect which anti-analysis techniques have been applied to a binary.
First we will analyze some techniques (anti-debugging, anti-disassembly, etc.) and the differences they introduce in the resulting binaries.
Then, we will look for traces, patterns and other evidence that allow us to detect the use of anti-analysis features.
Finally, we will run the tool against a real ELF malware dataset, to see which of these techniques are used in the wild and how often.
Installation
pip install artsem

The dataset
The malware samples making up the dataset have been obtained from different sources. Thanks to you all.

Vx-Underground
Malware Bazaar
Malware Samples
Virus Share
Virus Sign
Contagio Dump
Virus Total


Roadmap
Milestone 1
Generate a (test) dataset from known sources (e.g. 'ls'). To do so, compile the selected program with different flags and analyze the differences between all the binaries generated.
Milestone 2
Create a script able to detect the use of different anti-analysis techniques. It will run different tests on compiled binaries, looking for possible traces left by the use of these techniques.
Milestone 3
Use the script with the malware dataset
Milestone 4
Analyze the results. Which techniques were easier to spot? Which ones were more difficult? Are there false positives?
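As an added illustration of the trace-based approach outlined in the Description and in Milestone 2, the following script is example code written for this page, not artsem's own code. It parses the ELF64 file header and section header table directly (assumption: little-endian x86-64 ELF64 input), and reports a `ptrace` entry in `.dynstr`, the `/proc/self/status` and `TracerPid` strings, the raw `mov eax, 101 ; syscall` byte pattern (SYS_ptrace on x86-64), and a missing or inconsistent section header table. The minimal ELF image it scans is constructed inline so the script runs offline; the names `scan_elf` and `build_sample_elf` are this example's own.

```python
import struct
import sys

ELF64_EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # 64-byte ELF64 file header
ELF64_SHDR = struct.Struct("<IIQQQQIIQQ")         # 64-byte section header
SHT_PROGBITS, SHT_STRTAB = 1, 3

# Traces this example looks for (assumption: little-endian x86-64 ELF64).
# ptrace(PTRACE_TRACEME) is the classic Linux self-debugging check; reading
# /proc/self/status and inspecting the TracerPid line is the other common
# variant.  SYS_ptrace is 101 on x86-64, so "mov eax, 101 ; syscall" is the
# direct-syscall form that leaves no libc import behind.
ANTI_DEBUG_IMPORTS = {b"ptrace"}
INDICATOR_STRINGS = (b"/proc/self/status", b"TracerPid")
X86_64_PTRACE_SYSCALL = b"\xb8\x65\x00\x00\x00\x0f\x05"


def _section_table(data):
    """Map section name -> contents, or None when the section header table
    is absent or inconsistent (itself a trace worth reporting)."""
    hdr = ELF64_EHDR.unpack_from(data, 0)
    # Field order: e_ident, e_type, e_machine, e_version, e_entry, e_phoff,
    # e_shoff, e_flags, e_ehsize, e_phentsize, e_phnum, e_shentsize,
    # e_shnum, e_shstrndx.
    e_shoff, e_shentsize, e_shnum, e_shstrndx = hdr[6], hdr[11], hdr[12], hdr[13]
    if e_shoff == 0 or e_shnum == 0 or e_shentsize != ELF64_SHDR.size:
        return None
    if e_shstrndx >= e_shnum or e_shoff + e_shnum * ELF64_SHDR.size > len(data):
        return None
    shdrs = [ELF64_SHDR.unpack_from(data, e_shoff + i * ELF64_SHDR.size)
             for i in range(e_shnum)]
    # Section header fields: sh_name, sh_type, sh_flags, sh_addr, sh_offset,
    # sh_size, sh_link, sh_info, sh_addralign, sh_entsize.
    str_off, str_size = shdrs[e_shstrndx][4], shdrs[e_shstrndx][5]
    shstrtab = data[str_off:str_off + str_size]
    sections = {}
    for sh_name, _type, _flags, _addr, sh_off, sh_size, *_rest in shdrs:
        name = shstrtab[sh_name:].split(b"\x00", 1)[0]
        if name:
            sections[name] = data[sh_off:sh_off + sh_size]
    return sections


def scan_elf(data):
    """Return the list of anti-analysis traces found in an ELF64 image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    findings = []
    sections = _section_table(data)
    if sections is None:
        findings.append("section-headers-missing")
    else:
        # Names of dynamically imported symbols live in .dynstr.
        names = set(sections.get(b".dynstr", b"").split(b"\x00"))
        for imp in sorted(ANTI_DEBUG_IMPORTS & names):
            findings.append("import:" + imp.decode())
    # Raw byte scans run over the whole file so they still work when the
    # section headers have been stripped or corrupted.
    for s in INDICATOR_STRINGS:
        if s in data:
            findings.append("string:" + s.decode())
    if X86_64_PTRACE_SYSCALL in data:
        findings.append("syscall:ptrace")
    return findings


def build_sample_elf(strip_section_headers=False):
    """Constructed sample (not a real program): a minimal, non-runnable
    ELF64 image carrying every trace above, optionally with the section
    header table removed the way some packers do."""
    dynstr = b"\x00ptrace\x00puts\x00"
    rodata = b"/proc/self/status\x00TracerPid:\x00"
    text = X86_64_PTRACE_SYSCALL
    shstrtab = b"\x00.dynstr\x00.rodata\x00.text\x00.shstrtab\x00"
    blobs = [(b".dynstr", dynstr, SHT_STRTAB), (b".rodata", rodata, SHT_PROGBITS),
             (b".text", text, SHT_PROGBITS), (b".shstrtab", shstrtab, SHT_STRTAB)]
    shdrs = [ELF64_SHDR.pack(0, 0, 0, 0, 0, 0, 0, 0, 0, 0)]   # mandatory null entry
    body, offset = b"", ELF64_EHDR.size
    for name, blob, sh_type in blobs:
        name_off = shstrtab.index(name + b"\x00")
        shdrs.append(ELF64_SHDR.pack(name_off, sh_type, 0, 0, offset, len(blob), 0, 0, 1, 0))
        body += blob
        offset += len(blob)
    shoff, shnum, shstrndx = offset, len(shdrs), len(shdrs) - 1
    if strip_section_headers:
        shoff, shnum, shstrndx, shdrs = 0, 0, 0, []
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8   # ELF64, LE, version 1
    ehdr = ELF64_EHDR.pack(ident, 2, 62, 1, 0, 0, shoff, 0, ELF64_EHDR.size,
                           0, 0, ELF64_SHDR.size, shnum, shstrndx)
    return ehdr + body + b"".join(shdrs)


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_elf()
    for finding in scan_elf(blob):
        print(finding)
```

Run it with a path to scan a real binary, or with no arguments to scan the constructed sample. The string and syscall checks deliberately ignore the section table, so a binary whose headers have been stripped still yields findings alongside the "section-headers-missing" trace; a clean, statically linked binary that simply contains the word "TracerPid" in an unrelated string would be a false positive of exactly the kind Milestone 4 asks about.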
License
artsem is distributed under the terms of the MIT license.