Project description
ARTSEM: Anti-Reversing Trace Scanner for ELF Malware
Note: Although "Malware" is part of the name, the tool can be used on Linux executables of any kind.
Description
This project aims to create an automated tool able to detect which anti-analysis techniques have been applied to a binary.
First we will analyze some techniques (anti-debugging, anti-disassembly, etc.) and the differences they cause in the resulting binaries.
Then we will look for traces, patterns and other evidence that allow us to detect the use of anti-analysis features.
Finally, we will run the tool against a real ELF malware dataset to see which of these techniques are used in the wild, and how often.
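As an added illustration of the trace-scanning idea described above (this is example code written for this page, not ARTSEM's own implementation, whose detection rules are not shown here), the following script decodes the ELF header of a buffer and then searches the buffer for a small indicator table: strings that typically survive in a binary that uses ptrace or a TracerPid check for anti-debugging, and the well-known `EB FF` jump-into-its-own-operand anti-disassembly pattern. The indicator table, the helper names and the two sample buffers are all assumptions constructed for this example.

```python
"""Added illustration of the trace-scanning idea: flag byte patterns that
commonly accompany anti-analysis techniques in an ELF file.  This is a
hypothetical mini-scanner written for this page, not ARTSEM's own code."""
import struct
from typing import Dict, List

ELF_MAGIC = b"\x7fELF"

# Constructed indicator table.  Each technique family maps to raw byte
# patterns whose presence in a binary is a *hint*, never proof.
INDICATORS: Dict[str, List[bytes]] = {
    # A ptrace self-attach or a TracerPid check in /proc/self/status are
    # classic Linux anti-debugging tricks; the symbol and path names tend
    # to survive in .dynstr / .rodata unless the author obfuscates them.
    "anti-debugging": [b"ptrace", b"TracerPid", b"/proc/self/status"],
    # "jmp -1" (EB FF) jumps into its own operand byte, a well-known
    # anti-disassembly trick that derails linear-sweep disassemblers.
    "anti-disassembly": [b"\xeb\xff"],
}

ELF_TYPES = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}


def is_elf(data: bytes) -> bool:
    """True if the buffer starts with the ELF magic and has a full e_ident."""
    return len(data) >= 20 and data[:4] == ELF_MAGIC


def parse_elf_header(data: bytes) -> Dict[str, str]:
    """Decode class, endianness, type and machine from the ELF header."""
    if not is_elf(data):
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    fmt = ("<" if ei_data == 1 else ">") + "HH"
    e_type, e_machine = struct.unpack(fmt, data[16:20])
    return {
        "class": "ELF64" if ei_class == 2 else "ELF32",
        "endian": "little" if ei_data == 1 else "big",
        "type": ELF_TYPES.get(e_type, f"unknown({e_type})"),
        "machine": hex(e_machine),
    }


def find_all(data: bytes, pattern: bytes) -> List[int]:
    """Every file offset at which pattern occurs (overlaps allowed)."""
    offsets, start = [], 0
    while (i := data.find(pattern, start)) >= 0:
        offsets.append(i)
        start = i + 1
    return offsets


def scan(data: bytes) -> Dict[str, object]:
    """Report header facts plus, per technique family, each indicator hit
    with its offset so an analyst can confirm or dismiss it by hand."""
    hits: Dict[str, List[Dict[str, object]]] = {}
    for family, patterns in INDICATORS.items():
        found = [{"pattern": p, "offset": off}
                 for p in patterns for off in find_all(data, p)]
        if found:
            hits[family] = found
    return {"header": parse_elf_header(data), "hits": hits}


def make_sample(payload: bytes) -> bytes:
    """Constructed test input: a valid ELF64 little-endian x86-64 EXEC
    header (64 bytes, mostly zero) followed by payload.  Not runnable."""
    e_ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\x00" * 8   # 16 bytes
    header = e_ident + struct.pack("<HH", 2, 0x3E)             # ET_EXEC, EM_X86_64
    return header + b"\x00" * 44 + payload                      # pad to 64 bytes


# Constructed samples: one carrying typical traces, one clean.
SUSPICIOUS = make_sample(
    b"\x00libc.so.6\x00ptrace\x00/proc/self/status\x00"
    + b"\x48\x31\xc0\xeb\xff\xc0\x48"          # xor rax,rax; jmp -1; ...
)
CLEAN = make_sample(b"\x00libc.so.6\x00puts\x00Hello, world\x00")

if __name__ == "__main__":
    for name, blob in (("suspicious", SUSPICIOUS), ("clean", CLEAN)):
        result = scan(blob)
        print(name, result["header"])
        for family, found in result["hits"].items():
            print(f"  {family}: " + ", ".join(
                f"{h['pattern']!r}@0x{h['offset']:x}" for h in found))
```

The scanner reports offsets rather than a verdict on purpose: a legitimate debugger also imports ptrace, and the byte pair `EB FF` can occur inside ordinary data, so every hit is a lead for manual confirmation. That is exactly the false-positive question the roadmap raises for real samples.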
Installation
pip install artsem
The dataset
The malware samples that make up the dataset have been obtained from different sources. Thanks to you all.
Roadmap
Milestone 1
Generate a (test) dataset from known sources (e.g. 'ls'). To do so, compile the selected program with different flags and analyze the differences between all the binaries generated.
Milestone 2
Create a script able to detect the use of different anti-analysis techniques. It will run different tests on compiled binaries, looking for possible traces left by the use of these techniques.
Milestone 3
Run the script against the malware dataset.
Milestone 4
Analyze the results. Which techniques were easier to spot? Which ones were more difficult? Are there false positives?
License
artsem is distributed under the terms of the MIT license.
File details
Details for the file artsem-0.0.43.tar.gz.
File metadata
- Download URL: artsem-0.0.43.tar.gz
- Upload date:
- Size: 66.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: python-httpx/0.27.0
File hashes
Algorithm | Hash digest
---|---
SHA256 | ebf128c8836418b2070cca41243b663e9ca6a9b99dba333c79376b480ebdbb45
MD5 | 96fbe2202a2604e5d97e116660fd1d1c
BLAKE2b-256 | f1d129af2c1a2252f2d44104142b4a6b208c042672d134d76743e06b847e0a85
File details
Details for the file artsem-0.0.43-py3-none-any.whl.
File metadata
- Download URL: artsem-0.0.43-py3-none-any.whl
- Upload date:
- Size: 4.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: python-httpx/0.27.0
File hashes
Algorithm | Hash digest
---|---
SHA256 | e4f41b2e58dc90c469e10ab161e6e71d2010e76935309133081f0661178c1951
MD5 | 168a94f9cd113822e52b02ff2c28268b
BLAKE2b-256 | 7bf3afaa6ad920726846e942109b3e3046e3675e6a14ed789fe2b579bfaf6af3