Vizsec 2009: Visualizing Compiled Executables for Malware Analysis
The Vizsec 2009 program looks to be a pretty exciting this year. Please join us in Atlantic City New Jersey; I will be presenting more visualization techniques for malware. I'm presenting a paper titled "Visualizing Compiled Executables for Malware Analysis." I hope to see you there.
Visualizing Compile Executables for Malware Analysis PDF - This won best paper at the workshop.
Reverse engineering compiled executables is a task with a steep learning curve. It is complicated by the task of translating assembly into a series of abstractions that represent the overall flow of a program. Most of the steps involve finding interesting areas of an executable and determining their overall functionality. This paper presents a method using dynamic analysis of program execution to visually represent the overall flow of a program. We use the Ether hypervisor framework to covertly monitor a program. The data is processed and presented for the reverse engineer. Using this method the amount of time needed to extract key features of an executable is greatly reduced, improving productivity. A preliminary user study indicates that the tool is useful for both new and experienced users.