Software armoring techniques have been causing problems in malware analysis. They obscure and protect malware code, making analysis difficult to conduct. As more malware is armored, new methods are required to make analysis easier and faster. In this paper, we introduce an automated method to detect malware unpacking activities using dynamic binary instrumentation. It uses bi-gram analysis and fine-grained analysis tracking to monitor execution. Our results, using off-the-shelf packing tools on both packed malware and packed binaries, show that dynamic binary instrumentation can be used as a powerful tool to track obfuscated binaries.
- Dynamic binary instrumentation
- Malware analysis