System for Support of Platform Independent Malware Analysis in Executable Files

Research leader: Krčma Pavel (AVG), Obluk Karel (AVG)
Team leaders: Kolář Dušan
Team members: Ďurfina Lukáš, Křoustek Jakub, Zemek Petr
Agency: TAČR
Code: TA01010667
Start: 2011
End: 2013
Keywords: malware, anti-virus, reverse engineering, security, code analysis, code transformation, compiler, decompiler, disassembler
Annotation:
The primary objective of this project is the creation of a compact system for the support of malware analysis. This system will be able to analyze binary executable code regardless of the file format or target platform the file was created for. The output of the analysis process will be a compact, functionally equivalent representation of the code, and a special computer language will be designed for this purpose. The use of such a system will allow the anti-virus industry to expand into new markets such as mobile phones, multimedia players, etc.

Products

2013
Bintran - converter of binary executable files, software, 2013
Authors: Křoustek Jakub, Matula Peter, Kolář Dušan, Masařík Karel
Fileinfo - tool for compiler/packer detection, software, 2013
Authors: Křoustek Jakub, Zavoral Milan, Kolář Dušan
Retargetable Decompiler, software, 2013
Authors: Ďurfina Lukáš, Křoustek Jakub, Zemek Petr, Vrana Ondřej, Matula Peter, Kolář Dušan

Publications

2013
KŘOUSTEK Jakub and KOLÁŘ Dušan. Approaching Retargetable Static, Dynamic, and Hybrid Executable-Code Analysis. Acta Informatica Pragensia. Praha: University of Economics, 2013, vol. 2, no. 1, pp. 18-29. ISSN 1805-4951.
KŘOUSTEK Jakub and KOLÁŘ Dušan. Context Parsing (Not Only) of the Object-File-Format Description Language. Computer Science and Information Systems (ComSIS). Novi Sad: 2013, vol. 10, no. 4, pp. 1673-1702. ISSN 1820-0214.
KŘOUSTEK Jakub and KOLÁŘ Dušan. Preprocessing of Binary Executable Files Towards Retargetable Decompilation. In: 8th International Multi-Conference on Computing in the Global Information Technology (ICCGI'13). Nice: International Academy, Research, and Industry Association, 2013, pp. 259-264. ISBN 978-1-61208-283-7.
KŘOUSTEK Jakub. Decompilation of VLIW Executable Files - Caveats and Pitfalls. In: 3rd International Scientific Conference Theoretical and Applied Aspects of Cybernetics. Kyiv: Cybernetics Faculty of Taras Shevchenko National University of Kyiv, 2013, pp. 287-296. ISBN 978-966-399-538-0.
MATULA Peter and KOLÁŘ Dušan. Reconstruction of simple data types in decompilation. In: Sborník příspěvků Mezinárodní Masarykovy konference pro doktorandy a mladé vědecké pracovníky 2013. Hradec Králové: Akademické sdružení MAGNANIMITAS Assn., 2013, pp. 1-10. ISBN 978-80-87952-00-9.
ĎURFINA Lukáš and KOLÁŘ Dušan. Generic detection of the statically linked code. In: Proceedings of the Twelfth International Conference on Informatics INFORMATICS 2013. Spišská Nová Ves: Faculty of Electrical Engineering and Informatics, University of Technology Košice, 2013, pp. 157-161. ISBN 978-80-8143-127-2.
ĎURFINA Lukáš, KŘOUSTEK Jakub and ZEMEK Petr. Psyb0t Malware: A Step-By-Step Decompilation Case Study. In: 20th Working Conference on Reverse Engineering (WCRE). Koblenz: IEEE Computer Society, 2013, pp. 449-456. ISBN 978-1-4799-2930-6.
ĎURFINA Lukáš, KŘOUSTEK Jakub and ZEMEK Petr. Retargetable Machine-Code Decompilation in Your Web Browser. In: 3rd IEEE World Congress on Information and Communication Technologies (WICT 2013). Hanoi: IEEE Computer Society, 2013, pp. 57-62. ISBN 978-1-4799-3230-6.
2012
KŘOUSTEK Jakub and KOLÁŘ Dušan. Object-File-Format Description Language and Its Usage in Retargetable Decompilation. In: AIP Conference Proceedings. Kos: American Institute of Physics, 2012, pp. 466-469. ISBN 978-0-7354-1091-6. ISSN 1551-7616.
KŘOUSTEK Jakub, MATULA Peter, KONČICKÝ Jaromír and KOLÁŘ Dušan. Accurate Retargetable Decompilation Using Debug Information. In: Proceedings of the Sixth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE'12). Rome: International Academy, Research, and Industry Association, 2012, pp. 79-84. ISBN 978-1-61208-209-7.
ĎURFINA Lukáš and KOLÁŘ Dušan. C Source Code Obfuscator. Kybernetika. 2012, vol. 48, no. 3, p. 8. ISSN 0023-5954.
ĎURFINA Lukáš, KŘOUSTEK Jakub and ZEMEK Petr. Generic Source Code Migration Using Decompilation. In: 10th Annual Industrial Simulation Conference (ISC'2012). Brno: EUROSIS, 2012, pp. 38-42. ISBN 978-90-77381-71-7.
ĎURFINA Lukáš, KŘOUSTEK Jakub, ZEMEK Petr and KÁBELE Břetislav. Accurate Recovery of Functions in a Retargetable Decompiler. In: The 15th International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2012). Amsterdam: Springer Verlag, 2012, pp. 390-392. ISBN 978-3-642-33337-8.
ĎURFINA Lukáš, KŘOUSTEK Jakub, ZEMEK Petr and KÁBELE Břetislav. Detection and Recovery of Functions and their Arguments in a Retargetable Decompiler. In: 19th Working Conference on Reverse Engineering (WCRE 2012). Kingston, Ontario: IEEE Computer Society, 2012, pp. 51-60. ISBN 978-0-7695-4891-3.
ĎURFINA Lukáš, KŘOUSTEK Jakub, ZEMEK Petr, KÁBELE Břetislav and KOLÁŘ Dušan. On Complex Reconstruction of Functions from Binary Executable Files. In: 8th Doctoral Workshop on Mathematical and Engineering Methods in Computer Science. Brno: Masaryk University, 2012, pp. 100-101. ISBN 978-80-87342-15-2.
2011
JIRÁK Ota and KOLÁŘ Dušan. Comparison of Classical and Lazy Approach in SCG Compiler. In: NUMERICAL ANALYSIS AND APPLIED MATHEMATICS ICNAAM 2011: International Conference on Numerical Analysis and Applied Mathematics. Halkidiki: American Institute of Physics, 2011, pp. 873-876. ISBN 978-0-7354-0956-9. ISSN 1551-7616.
KŘOUSTEK Jakub, MATULA Peter and ĎURFINA Lukáš. Generic Plugin-Based Converter of Object File Formats and Its Usage in Retargetable Decompilation. In: Proceedings of the 6th International Scientific and Technical Conference (CSIT'2011). Lviv: Ministry of Education, Science, Youth and Sports of Ukraine, Lviv Polytechnic National University, Institute of Computer Science and Information Technologies, 2011, pp. 127-130. ISBN 978-966-2191-04-2.
KŘOUSTEK Jakub, PŘIKRYL Zdeněk, KOLÁŘ Dušan and HRUŠKA Tomáš. Retargetable Multi-level Debugging in HW/SW Codesign. In: The 23rd International Conference on Microelectronics (ICM 2011). Hammamet: Institute of Electrical and Electronics Engineers, 2011, pp. 1-6. ISBN 978-1-4577-2209-7.
KŘOUSTEK Jakub, ŽIDEK Stanislav, KOLÁŘ Dušan and MEDUNA Alexander. Scattered Context Grammars with Priority. International Journal of Advanced Research in Computer Science. Udaipur: International Journal of Advanced Research in Computer Science, 2011, vol. 2, no. 4, pp. 1-6. ISSN 0976-5697.
PŘIKRYL Zdeněk, KŘOUSTEK Jakub, HRUŠKA Tomáš and KOLÁŘ Dušan. Fast Just-In-Time Translated Simulator for ASIP Design. In: 14th IEEE International Symposium on Design and Diagnostics of Electronic Circuits and Systems. Cottbus: IEEE Computer Society, 2011, pp. 279-282. ISBN 978-1-4244-9753-9.
ĎURFINA Lukáš and KOLÁŘ Dušan. C Source Code Obfuscator. In: Book of Abstracts ISCAMI 2011. Malenovice: Ostrava University, 2011, p. 1.
ĎURFINA Lukáš and KOLÁŘ Dušan. Generic detection of register realignment. In: AIP Conference Proceedings. Kassandra, Halkidiki: American Institute of Physics, 2011, pp. 806-809. ISBN 978-0-7354-0956-9. ISSN 1551-7616.
ĎURFINA Lukáš, KŘOUSTEK Jakub, ZEMEK Petr, KOLÁŘ Dušan, HRUŠKA Tomáš, MASAŘÍK Karel and MEDUNA Alexander. Advanced Static Analysis for Decompilation Using Scattered Context Grammars. In: Proceedings of the Applied Computing Conference 2011 (ACC'11). Angers: World Scientific and Engineering Academy, 2011, pp. 164-169. ISBN 978-1-61804-051-0.
ĎURFINA Lukáš, KŘOUSTEK Jakub, ZEMEK Petr, KOLÁŘ Dušan, HRUŠKA Tomáš, MASAŘÍK Karel and MEDUNA Alexander. Design of a Retargetable Decompiler for a Static Platform-Independent Malware Analysis. In: The 5th International Conference on Information Security and Assurance. Brno: Springer Verlag, 2011, pp. 72-86. ISBN 978-3-642-23140-7.
ĎURFINA Lukáš, KŘOUSTEK Jakub, ZEMEK Petr, KOLÁŘ Dušan, HRUŠKA Tomáš, MASAŘÍK Karel and MEDUNA Alexander. Design of a Retargetable Decompiler for a Static Platform-Independent Malware Analysis. In: 7th Doctoral Workshop on Mathematical and Engineering Methods in Computer Science. Brno: Masaryk University, 2011, pp. 114-114. ISBN 978-80-214-4305-1.
ĎURFINA Lukáš, KŘOUSTEK Jakub, ZEMEK Petr, KOLÁŘ Dušan, HRUŠKA Tomáš, MASAŘÍK Karel and MEDUNA Alexander. Design of a Retargetable Decompiler for a Static Platform-Independent Malware Analysis. International Journal of Security and Its Applications. Daejeon: Science & Engineering Research Support Center, 2011, vol. 5, no. 4, pp. 91-106. ISSN 1738-9976.
ĎURFINA Lukáš, KŘOUSTEK Jakub, ZEMEK Petr, KOLÁŘ Dušan, HRUŠKA Tomáš, MASAŘÍK Karel and MEDUNA Alexander. Design of an Automatically Generated Retargetable Decompiler. In: 2nd European Conference of COMPUTER SCIENCE (ECCS'11). Puerto De La Cruz, Tenerife: North Atlantic University Union, 2011, pp. 199-204. ISBN 978-1-61804-056-5.
ĎURFINA Lukáš. Recognition of Register Realignment by Scattered Context Grammars. In: Proceedings of the 17th Conference and Competition STUDENT EEICT 2011 Volume 3. Brno: Faculty of Information Technology BUT, 2011, pp. 470-474. ISBN 978-80-214-4273-3.
