Back close

Ransomware Analysis Using Reverse Engineering

Publication Type : Journal Article

Publisher : Communications in Computer and Information Science

Source : Communications in Computer and Information Science, Springer Verlag, Volume 1046, p.185-194 (2019)

Url :

ISBN : 9789811399411

Keywords : Advanced Encryption Standard, Application programming interfaces (API), Cryptography, Cryptors, Data privacy, Decompile, Digital libraries, Disassembly, Dynamic analysis, Dynamic linked libraries, Executables, malware, Message digests, Network security, Packed executable, Packers, Program debugging, Reverse engineering, Static analysis, Virtual machine, Yara rule

Campus : Coimbatore

School : School of Engineering

Center : TIFAC CORE in Cyber Security

Department : Computer Science

Verified : Yes

Year : 2019

Abstract : Ransomware threat continues to grow over years. The existing defense techniques for detecting malicious malware will never be sufficient because of Malware Persistence Techniques. Packed malware makes analysis harder & also it may sound like a trusted executable for evading modern antivirus. This paper focuses on the analysis part of few ransomware samples using different reverse engineering tools & techniques. There are many automated tools available for performing malware analysis, but reversing it manually helped to write two different patches for Wannacry ransomware. Execution of patched ransomware will not encrypt the user machine. Due to new advanced evading techniques like Anti-Virtual Machine (VM) & Anti-debugging, automated malware analysis tools will be less useful. The Application Programming Interface (API) calls which we used to create patch, were used to create Yara rule for detecting different variants of the same malware as well. © 2019, Springer Nature Singapore Pte Ltd.

Cite this Research Publication : S. Naveen and Dr. Gireesh K. T., “Ransomware Analysis Using Reverse Engineering”, Communications in Computer and Information Science, vol. 1046, pp. 185-194, 2019.

Admissions Apply Now