Options
Evading Malware Analysis Using Reverse Execution
Journal
2022 14th International Conference on COMmunication Systems and NETworkS, COMSNETS 2022
Date Issued
2022-01-01
Author(s)
Mishra, Adhokshaj
Roy, Animesh
Hanawal, Manjesh K.
Abstract
Malware is a security threat, and various means are adapted to detect and block them. In this paper, we demonstrate a method where malware can evade malware analysis. The method is based on single-step reverse execution of code using the self-debugging feature. We discuss how self-debugging code works and use that to derive reverse execution for any payload. Further, we demonstrate the feasibility of a detection evading malware through a real implementation that targets Linux x86-64 architecture for a reference implementation. The reference implementation produces one result when run in one direction and a different result when run in the reverse direction.
Subjects