Publication Type : Journal Article
Publisher : Communications in Computer and Information Science
Source : Communications in Computer and Information Science, Springer Verlag, Volume 1046, p.185-194 (2019)
ISBN : 9789811399411
Keywords : Advanced Encryption Standard, Application programming interfaces (API), Cryptography, Cryptors, Data privacy, Decompile, Digital libraries, Disassembly, Dynamic analysis, Dynamic linked libraries, Executables, malware, Message digests, Network security, Packed executable, Packers, Program debugging, Reverse engineering, Static analysis, Virtual machine, Yara rule
Campus : Coimbatore
School : School of Engineering
Center : TIFAC CORE in Cyber Security
Department : Computer Science
Verified : Yes
Year : 2019
Abstract : Ransomware threat continues to grow over years. The existing defense techniques for detecting malicious malware will never be sufficient because of Malware Persistence Techniques. Packed malware makes analysis harder & also it may sound like a trusted executable for evading modern antivirus. This paper focuses on the analysis part of few ransomware samples using different reverse engineering tools & techniques. There are many automated tools available for performing malware analysis, but reversing it manually helped to write two different patches for Wannacry ransomware. Execution of patched ransomware will not encrypt the user machine. Due to new advanced evading techniques like Anti-Virtual Machine (VM) & Anti-debugging, automated malware analysis tools will be less useful. The Application Programming Interface (API) calls which we used to create patch, were used to create Yara rule for detecting different variants of the same malware as well. © 2019, Springer Nature Singapore Pte Ltd.
Cite this Research Publication : S. Naveen and Dr. Gireesh K. T., “Ransomware Analysis Using Reverse Engineering”, Communications in Computer and Information Science, vol. 1046, pp. 185-194, 2019.