FCReducer: Locating Symmetric Cryptographic Functions on the Memory
2018
IEICE transactions on information and systems
Malicious software (malware) poses various significant challenges. One is the need to retrieve plain-text messages transmitted between malware and herders through an encrypted network channel. Those messages (e.g., commands for malware) can be useful hints for revealing their malicious activities. However, retrieving them is challenging even if the malware is executed on an analysis computer. To assist analysts in retrieving the plain text from memory, this paper presents FCReducer (Function
doi:10.1587/transinf.2017edp7143
fatcat:6tz5sk3tgfbxxaxetter4werte