Leave it to Weaver

William Mahoney, Joseph Franco, Greg Hoff, J. Todd McDonald

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Malware authors make use of several techniques to obfuscate code from reverse engineering tools such as IDA Pro. Typically, these techniques tend to be effective for about three to six instructions, but eventually the tools can properly disassemble the remaining code once the tool is again synchronized with the operation codes. But this loss of synchronization can be used to hide information within the instructions – steganography. Our research explores an approach to this by presenting “Weaver”, a framework for executable steganography. “Weaver” differs from other techniques in how it hides malicious instructions: the hiding instructions are prepared by generating an assembly listing of the program and finding candidate hiding locations, the steganography instructions are prepared by creating an assembly listing of the program to obtain the operation codes to be hidden, and the “weaving” process merges the two. This “weaving” attempts to place all the steganography instructions into candidate locations found in the hiding instructions.

Original language: English (US)
Title of host publication: Proceedings of the 8th Software Security, Protection, and Reverse Engineering Workshop, SSPREW 2018
Publisher: Association for Computing Machinery
ISBN (Electronic): 9781450360968
Publication status: Published - Dec 3 2018
Event: 8th Software Security, Protection, and Reverse Engineering Workshop, SSPREW 2018 - San Juan, United States
Duration: Dec 3 2018 to Dec 4 2018

Publication series

Name: ACM International Conference Proceeding Series

Other

Other: 8th Software Security, Protection, and Reverse Engineering Workshop, SSPREW 2018
Country: United States
City: San Juan
Period: 12/3/18 to 12/4/18

Keywords

  • Information retrieval
  • Reverse engineering
  • Steganography

ASJC Scopus subject areas

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications

Cite this

Mahoney, W., Franco, J., Hoff, G., & McDonald, J. T. (2018). Leave it to Weaver. In Proceedings of the 8th Software Security, Protection, and Reverse Engineering Workshop, SSPREW 2018 (ACM International Conference Proceeding Series). Association for Computing Machinery. https://doi.org/10.1145/3289239.3291459