Using Reverse Engineering to Handle Malware


Carlos Andrés Sánchez Venegas
Camilo Aguado Bedoya
Daniel Orlando Díaz López
Juan Carlos Camilo García Ruíz

Abstract

Introduction: This paper is a product of the research project “Cyber Security Architecture for Incident Management”, developed at the Colombian School of Engineering Julio Garavito in 2018.

Objective: Reverse engineering deconstructs an object to extract knowledge about it. Applied to malware analysis, it is extremely useful for understanding the functionality and purpose of a suspicious sample.

Methods: This paper uses Radare, one of the most popular open source reverse engineering tools, to deal with malware.

Results: A use case is presented in which the anti-sandbox checks of a malware sample are defeated so that its behavior can be analyzed in a sandbox. A second use case presents an in-depth analysis of a malicious Android application targeting the audience of a popular event (the 2018 FIFA World Cup), demonstrating the relevance of reverse engineering techniques to end-user protection strategies.

Conclusions: The paper shows how the results of a reverse engineering process can be integrated into YARA rules, allowing malware to be detected on the fly, and presents an alternative in which YARA rules are generated automatically with the yarGen generator.

Originality: The use of open source reversing solutions by Colombian law enforcement agencies has not been discussed previously, making this paper a notable contribution toward the modernization of the Army.

Limitation: Different approaches and perspectives on the limitations of using reverse engineering in law enforcement agencies are also shared.
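
As an added illustration of the Conclusions above (this is not code from the paper, nor from the Radare, YARA or yarGen projects), the following Python turns indicators recovered during reversing into a YARA rule and evaluates a small subset of YARA's semantics (ASCII strings, hex patterns with `??` wildcards, an "N of them" condition) directly against bytes, so a rule can be sanity-checked against the sample before it is loaded into the real yara tool. The indicator names, the two anti-VM artifact strings, the rdtsc byte pattern and its wildcard count, and the sample bytes are all constructed assumptions for this example.

```python
"""Added example: from reverse-engineering findings to a YARA rule.

Indicators and sample bytes are constructed for illustration; they do not
come from the paper's samples. Requires Python 3.7+ (re.escape on bytes).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Indicator:
    """One artifact found while reversing a sample."""
    name: str   # YARA string identifier without the leading "$", e.g. "s0"
    kind: str   # "text" (ASCII literal) or "hex" (space-separated bytes)
    value: str  # literal text, or hex bytes where "??" is a one-byte wildcard


def build_yara_rule(rule_name: str, indicators: List[Indicator],
                    min_matches: int) -> str:
    """Render the indicators as a YARA rule with an 'N of them' condition."""
    lines = [f"rule {rule_name}", "{", "    strings:"]
    for ind in indicators:
        if ind.kind == "text":
            # Escape backslashes and quotes so the literal stays valid YARA.
            escaped = ind.value.replace("\\", "\\\\").replace('"', '\\"')
            lines.append(f'        ${ind.name} = "{escaped}" ascii')
        else:
            lines.append(f"        ${ind.name} = {{ {ind.value} }}")
    lines += ["    condition:", f"        {min_matches} of them", "}"]
    return "\n".join(lines)


def _to_regex(ind: Indicator) -> "re.Pattern[bytes]":
    """Compile one indicator into a bytes regex; '??' becomes a wildcard byte."""
    if ind.kind == "text":
        return re.compile(re.escape(ind.value.encode("ascii")), re.DOTALL)
    parts = []
    for tok in ind.value.split():
        parts.append(b"." if tok == "??" else re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)


def match_rule(indicators: List[Indicator], min_matches: int,
               data: bytes) -> Tuple[bool, Dict[str, int]]:
    """Evaluate 'min_matches of them' over data.

    Returns (matched, {indicator name: offset of first hit}).
    """
    hits: Dict[str, int] = {}
    for ind in indicators:
        m = _to_regex(ind).search(data)
        if m:
            hits[ind.name] = m.start()
    return len(hits) >= min_matches, hits


# Constructed indicators of the kind a reverser would note while walking an
# anti-sandbox routine: two well-known VM/sandbox artifact names and a pair
# of rdtsc (0F 31) instructions close together, a common timing check. The
# four wildcard bytes between them are an assumption for this example.
INDICATORS = [
    Indicator("s0", "text", "VBoxService.exe"),
    Indicator("s1", "text", "SbieDll.dll"),
    Indicator("s2", "hex", "0F 31 ?? ?? ?? ?? 0F 31"),
]

# Constructed sample: padding, one artifact string, then a timing-check stub.
SAMPLE = (b"\x00" * 16
          + b"checking VBoxService.exe"
          + b"\x0f\x31\x89\x45\xfc\x90\x0f\x31"
          + b"\x00" * 8)
BENIGN = b"hello world " * 4


if __name__ == "__main__":
    print(build_yara_rule("anti_sandbox_sample", INDICATORS, 2))
    print(match_rule(INDICATORS, 2, SAMPLE))   # (True, {'s0': 25, 's2': 40})
    print(match_rule(INDICATORS, 2, BENIGN))   # (False, {})
```

Real YARA supports much more (wide strings, modifiers, regular expressions, the pe module), so the generated rule should still be validated with the yara tool itself. The point is the workflow: what the reverser finds in Radare becomes the `strings:` section, and the `condition:` threshold is what keeps a rule built from a handful of artifacts from firing on benign files that happen to contain one of them. yarGen automates the string-selection step against a corpus of goodware and malware; the rule builder here is a hand-rolled stand-in, not yarGen's algorithm.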


Article Details

How to Cite
[1]
C. A. Sánchez Venegas, C. Aguado Bedoya, D. O. Díaz López, and J. C. C. García Ruíz, “Using Reverse Engineering to Handle Malware”, Ing. Solidar., vol. 15, no. 28, pp. 1-26, May 2019.
Section
Research Articles
Author Biography

Carlos Andrés Sánchez Venegas, Escuela Colombiana de Ingeniería Julio Garavito