

Project description

ARTSEM: Anti-Reversing Trace Scanner for ELF Malware



Note: although "Malware" is part of the name, the tool can be used on any Linux executable, whatever its purpose.

Table of Contents

  1. Description
  2. Installation
  3. The dataset
  4. Roadmap
  5. License

Description

This project aims to create an automated tool able to detect which anti-analysis techniques have been applied to a binary.

First, we will analyze some techniques (anti-debugging, anti-disassembly, etc.) and the differences they produce in the resulting binaries.

Then, we will look for traces, patterns and other evidence that allow us to detect the use of anti-analysis features.

Finally, we will run the tool against a real ELF malware dataset to see which of these techniques are used in the wild, and how often.

Installation

pip install artsem

The dataset

The malware samples that make up the dataset have been obtained from different sources. Thanks to you all.


Roadmap

Milestone 1

Generate a (test) dataset from known sources (e.g. 'ls'). To do so, compile the selected program with different flags and analyze the differences between all the generated binaries.

Milestone 2

Create a script able to detect the use of different anti-analysis techniques. It will run different tests on compiled binaries, looking for possible traces left by the use of these techniques.
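The kind of trace check the description and Milestone 2 talk about, as an added example that is not artsem's own code: a small ELF64 scanner that flags a removed section header table (an anti-disassembly trace) and string references to the usual ptrace/TracerPid self-checks (anti-debugging traces). The sample inputs are constructed in the script; `build_sample` and `scan_elf` are names chosen here, not part of the package.

```python
import struct

ELF64_HDR = "<HHIQQQIHHHHHH"   # fields after the 16-byte e_ident, little-endian

def scan_elf(data: bytes) -> dict:
    """Return which anti-analysis traces are present in an ELF64 image.

    The checks are deliberately cheap heuristics: a hit means "worth a closer
    look", not proof that the technique was used."""
    if len(data) < 64 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only ELF64 little-endian is handled by this example")
    (_, _, _, _, _, e_shoff, _, _, _, _, _, e_shnum, _) = struct.unpack_from(ELF64_HDR, data, 16)
    return {
        # Anti-disassembly trace: the section header table has been removed
        # (e.g. by sstrip). Many disassemblers and debuggers depend on it.
        "no_section_headers": e_shoff == 0 or e_shnum == 0,
        # Anti-debugging traces: names of the usual self-checks. A debugger
        # binary will also contain them, so treat this as a hint, not a verdict.
        "ptrace_reference": b"ptrace" in data,
        "tracerpid_reference": b"TracerPid" in data,
    }

def build_sample(section_headers: bool, body: bytes) -> bytes:
    """Constructed test input: a valid-looking ELF64 header plus arbitrary bytes.
    It is not a runnable program, just enough structure for scan_elf()."""
    e_ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8  # ELF64, LE, v1
    e_shoff, e_shnum, e_shstrndx = (0x1000, 5, 4) if section_headers else (0, 0, 0)
    header = e_ident + struct.pack(
        ELF64_HDR,
        2, 0x3E, 1,        # ET_EXEC, EM_X86_64, EV_CURRENT
        0x401000, 64,      # e_entry, e_phoff
        e_shoff, 0,        # e_shoff, e_flags
        64, 56, 1,         # e_ehsize, e_phentsize, e_phnum
        64, e_shnum, e_shstrndx)
    return header + body

if __name__ == "__main__":
    clean = build_sample(True, b"hello, world\x00")
    hostile = build_sample(False, b"ptrace\x00/proc/self/status\x00TracerPid:\x00")
    for name, sample in (("clean", clean), ("hostile", hostile)):
        print(name, {k: v for k, v in scan_elf(sample).items() if v})
```

On a real binary, confirm a string hit by checking the dynamic symbol table (e.g. `readelf --dyn-syms`) before counting it as a trace, since the string alone can come from unrelated data.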

Milestone 3

Use the script with the malware dataset.

Milestone 4

Analyze the results. Which techniques were easier to spot? Which ones were more difficult? Are there false positives?

License

artsem is distributed under the terms of the MIT license.

Download files


Source Distribution

artsem-0.0.43.tar.gz (66.2 kB)

Built Distribution

artsem-0.0.43-py3-none-any.whl (4.8 kB)