Malware-Camouflage

This file documents the progress and references of research conducted by Chou Yi Hung.
Nowadays, different stealth malware families use a myriad of camouflage techniques.
However, researchers lack resources for malware analysis and sample databases.
Therefore, I collect malware for the Windows and Android platforms from various databases and examine the samples with miscellaneous tools.

Research Direction

By analyzing different malware samples across different time spans, try to catalog how packing or camouflage technology has changed from one period to the next.

Basic static analysis

Tools

  1. md5deep: calculate the unique hash of the malware sample. Then search for the hash online to see whether that sample has already been analyzed.
  2. strings: list the printable strings in the executable file. We may find useful information such as DLL names, URLs or even error messages.
  3. PEiD: detect the packer or compiler used, which makes analyzing a packed file much easier.
  4. Dependency Walker: shows the DLLs used by the malware. .............
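The first three tools above can be approximated in a few lines of Python, which is useful when a sample has to be triaged on a machine without them. The script below is an added example written for this README, not code from the repository: it hashes the file (md5deep), extracts printable strings (strings), and, in place of PEiD's signature database, walks the PE section table to flag packer-style section names and high-entropy sections. The section-name table is a heuristic assumption, and the PE it builds is a constructed toy, not a real sample.

```python
import collections
import hashlib
import math
import re
import struct

# Section names common packers leave in the header (heuristic list written for this example; PEiD matches byte signatures).
PACKER_SECTIONS = {b"UPX0": "UPX", b"UPX1": "UPX", b"UPX2": "UPX", b".aspack": "ASPack",
                   b".adata": "ASPack", b"PEC2": "PECompact", b".vmp0": "VMProtect", b".vmp1": "VMProtect"}

def printable_strings(data, min_len=4):
    """ASCII runs of at least min_len bytes, like the strings tool."""
    return [m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def shannon_entropy(buf):
    """Bits per byte; packed or encrypted sections sit close to 8.0."""
    return -sum(c / len(buf) * math.log2(c / len(buf)) for c in collections.Counter(buf).values()) if buf else 0.0

def pe_sections(data):
    """Walk the COFF section table: name, raw size and entropy of each section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    table = pe + 24 + opt_size                               # section table follows the optional header
    out = []
    for i in range(nsec):
        name, _, _, rsize, rptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        out.append({"name": name.rstrip(b"\0"), "raw_size": rsize,
                    "entropy": shannon_entropy(data[rptr:rptr + rsize])})
    return out

def triage(data):
    """Basic static triage: hashes (as md5deep), packer hint from section names, high-entropy sections."""
    secs = pe_sections(data)
    packers = sorted({PACKER_SECTIONS[s["name"]] for s in secs if s["name"] in PACKER_SECTIONS})
    hot = [s["name"].decode() for s in secs if s["entropy"] > 7.0]
    hashes = {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha256")}
    return {"hashes": hashes, "packer_hint": packers, "high_entropy": hot, "sections": secs}

def build_sample_pe():
    """Constructed toy PE (not a real sample): zero-filled UPX0 plus a UPX1 that holds
    every byte value once, so its entropy is exactly 8.0 like a compressed payload."""
    upx0, upx1 = b"\0" * 16, bytes(range(256))
    data_off = 0x40 + 24 + 40 * 2                            # MZ stub + COFF header + two entries
    hdr = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)     # e_lfanew -> 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)  # i386, 2 sections, no optional header
    sec = lambda name, blob, ptr: struct.pack("<8sIIII", name, len(blob), 0x1000, len(blob), ptr) + b"\0" * 16
    return hdr + coff + sec(b"UPX0", upx0, data_off) + sec(b"UPX1", upx1, data_off + 16) + upx0 + upx1
```

Run `triage(open(path, "rb").read())` on a real file; a section name hit plus an entropy near 8.0 is a strong sign the sample is packed and should be unpacked before further static analysis.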

Empirical study on different packers

ASPacK

UPX

PECompact

Armadillo

EXECryptor

ASProtect

VMProtect

Reference

  1. http://paper.ijcsns.org/07_book/201208/20120813.pdf

Malware Database

  1. https://github.com/ytisf/theZoo
  2. http://malwaredb.malekal.com
  3. http://contagiodump.blogspot.hk
  4. https://virusshare.com
  5. https://zeltser.com/malware-sample-sources/
