Entries by 'Cory Cohen'

Semantic Code Analysis for Malware Code Deobfuscation


By Cory Cohen
Senior Member of the Technical Staff
CERT Division

In 2012, Symantec blocked more than 5.5 billion malware attacks (an 81 percent increase over 2010) and reported a 41 percent increase in new variants of malware, according to a January 2013 Computer World article. To prevent detection and delay analysis, malware authors often obfuscate their malicious programs with anti-analysis measures. Obfuscated binary code prevents analysts from developing timely, actionable insights by increasing code complexity and reducing the effectiveness of existing tools. This blog post describes research we are conducting at the SEI to improve manual and automated analysis of common code obfuscation techniques used in malware.