Malware Signature and Behavior Performance Evaluation utilizing Packers

Abstract
Malware detection models are built primarily around signature-based or behavior-based detection. In this paper, anti-forensic techniques are used to hide malware from malware scanners: the malware source code is modified in several ways to prevent its detection. Two models with interchangeable payloads and code segments were built, and the detection performance of each variant was measured. Many malware samples from recent attacks, covering different malware families and intended targets, were used to measure detection rates; in addition, new payloads were created and merged with existing malware to study the behavior of combined payloads in multi-system attacks, with VirusTotal used to measure detection in each case. The obfuscation techniques used for payload delivery are encoding the payload, code splitting, adding encryption, backdooring a file, code-injection payloads and, finally, several steganographic methods that carry the payload while maintaining signature evasion. Manual unpacking is used to unpack the malware and deliver the final attack, and a framework of automated deployment methods is laid out for further work.
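As an added illustration (this code is not from the paper and works on a constructed, benign stand-in payload), the following Python builds a toy packer and runs the comparison the abstract describes: one payload, several packed variants, and three views of each (static signature match, file hash, byte entropy) before and after manual unpacking. The SHA-256 counter-mode keystream, the header layout, the SIGNATURE pattern and the PAYLOAD text are all assumptions chosen for this example.

```python
import hashlib
import math
from collections import Counter
from typing import Dict, List

KEY_LEN = 16  # fixed key size so unpack() can parse the header

# Constructed, benign stand-in for the code a packer would wrap (not a real
# malware body): low-entropy, repetitive text, like most unpacked code.
PAYLOAD = b"print('behaviour: write marker file and exit')\n" * 24

# Hypothetical static signature a scanner would match on the unpacked bytes.
SIGNATURE = b"write marker file"


def keystream(key: bytes, length: int) -> bytes:
    """SHA-256 in counter mode. A toy keystream for the toy packer only."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def pack(payload: bytes, key: bytes) -> bytes:
    """Toy packer: 4-byte length || key || (payload XOR keystream).

    Real packers also store the key, or the decryption stub that embeds it,
    inside the artifact; that is exactly what makes manual unpacking possible.
    """
    assert len(key) == KEY_LEN
    body = bytes(p ^ k for p, k in zip(payload, keystream(key, len(payload))))
    return len(payload).to_bytes(4, "big") + key + body


def unpack(artifact: bytes) -> bytes:
    """Manual unpacking: read the header, recover the key, reverse the XOR."""
    n = int.from_bytes(artifact[:4], "big")
    key = artifact[4:4 + KEY_LEN]
    body = artifact[4 + KEY_LEN:4 + KEY_LEN + n]
    return bytes(b ^ k for b, k in zip(body, keystream(key, n)))


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input).

    Encrypted or compressed sections sit near 8.0, plain code well below;
    scanners use this as a cheap 'is it packed?' heuristic.
    """
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def static_scan(data: bytes) -> bool:
    """Signature detection: does the known byte pattern appear?"""
    return SIGNATURE in data


def evaluate(payload: bytes, keys: List[bytes]) -> Dict[str, object]:
    """Pack one payload under several keys and compare what each detection
    stage sees: the static signature, the file hash, the entropy heuristic,
    and the signature again after unpacking."""
    artifacts = [pack(payload, k) for k in keys]
    unpacked = [unpack(a) for a in artifacts]
    return {
        "plain_signature_hit": static_scan(payload),
        "packed_signature_hits": [static_scan(a) for a in artifacts],
        "distinct_hashes": len({hashlib.sha256(a).hexdigest() for a in artifacts}),
        "plain_entropy": entropy(payload),
        "packed_entropy": [entropy(a) for a in artifacts],
        "unpacked_signature_hits": [static_scan(u) for u in unpacked],
        "unpacked_identical": all(u == payload for u in unpacked),
    }


if __name__ == "__main__":
    result = evaluate(PAYLOAD, [b"A" * KEY_LEN, b"B" * KEY_LEN, b"C" * KEY_LEN])
    for name, value in result.items():
        print(f"{name}: {value}")
```

Running it shows the effect the paper measures: the signature matches the plain payload and every unpacked copy but none of the packed artifacts, and each key yields a different file hash, so a hash blacklist built from one sample misses the others. The packed sections, however, jump from roughly 4 bits of entropy per byte to close to 8, which is the cheap heuristic a scanner can use to flag a packed file and route it to unpacking or sandbox execution instead of trusting the static miss.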

This publication has 18 references indexed in Scilit.