Invention Application
- Patent Title: A DEOBFUSCATION METHOD FOR DEOBFUSCATING AN OBFUSCATED MALICIOUS PROGRAM, A RECORDING MEDIUM AND A DEOBFUSCATION DEVICE THAT PERFORMS THE SAME
-
Application No.: US18578600Application Date: 2023-11-23
-
Publication No.: US20250103686A1Publication Date: 2025-03-27
- Inventor: Haehyun CHO , Jeonghyun YI , Minho KIM , Gwangyeol LEE
- Applicant: Foundation of Soongsil University-Industry Cooperation
- Applicant Address: KR Seoul
- Assignee: Foundation of Soongsil University-Industry Cooperation
- Current Assignee: Foundation of Soongsil University-Industry Cooperation
- Current Assignee Address: KR Seoul
- Priority: KR10-2023-0120354 20230911
- International Application: PCT/KR2023/018981 WO 20231123
- Main IPC: G06F21/14
- IPC: G06F21/14 ; G06F21/12
Abstract:
A method for a deobfuscation apparatus that deobfuscates a malicious program obfuscated using an obfuscation technique, and the deobfuscation method comprises executing the malicious program to identify and extract memory information containing a trampoline code used in the obfuscation technique, executing the trampoline code based on the memory information to classify a type of obfuscation technique of the malicious program, and deobfuscating the malicious program according to the classified obfuscation technique and generating a deobfuscation program. According to the constitution, the techniques for obfuscating OEP and IAT can be deobfuscated.
Information query
