Using Reverse Engineering to Handle Malware
Introduction: This paper is a product of the research project “Cyber Security Architecture for Incident Management” developed at the Colombian School of Engineering Julio Garavito in the year 2018. Objective: Reverse engineering involves deconstructing and extracting knowledge about objects. The use...
- Authors: Sánchez Venegas, Carlos Andrés; Aguado Bedoya, Camilo; Díaz López, Daniel Orlando; García Ruíz, Juan Carlos Camilo
- Resource type: Journal article
- Publication date: 2019
- Institution: Escuela Colombiana de Ingeniería Julio Garavito
- Repository: Repositorio Institucional ECI
- Language: spa (Spanish)
- OAI Identifier: oai:repositorio.escuelaing.edu.co:001/1858
- Online access: https://repositorio.escuelaing.edu.co/handle/001/1858
- Keywords: Reverse engineering, Radar, Radare, Sandboxing, Yara rules, Malware analysis
- Rights: openAccess
- License: https://creativecommons.org/licenses/by-nc-sa/4.0/
| Field | Value |
|---|---|
| oai_identifier_str | oai:repositorio.escuelaing.edu.co:001/1858 |
| network_acronym_str | ESCUELAIG2 |
| network_name_str | Repositorio Institucional ECI |
| dc.title.eng.fl_str_mv | Using Reverse Engineering to Handle Malware |
| dc.title.alternative.spa.fl_str_mv | Utilizando la ingeniería inversa para enfrentar Malware |
| dc.creator.fl_str_mv | Sánchez Venegas, Carlos Andrés; Aguado Bedoya, Camilo; Díaz López, Daniel Orlando; García Ruíz, Juan Carlos Camilo |
| dc.contributor.researchgroup.spa.fl_str_mv | Informática |
| dc.subject.armarc.spa.fl_str_mv | Reverse engineering; Radar; Sandboxing; Yara rules; Malware analysis |
| dc.subject.proposal.eng.fl_str_mv | Reverse engineering; Radare; Yara rules; Malware analysis |
| description | Introduction: This paper is a product of the research project “Cyber Security Architecture for Incident Management” developed at the Colombian School of Engineering Julio Garavito in the year 2018. Objective: Reverse engineering involves deconstructing and extracting knowledge about objects. The use of reverse engineering in malware analysis is extremely useful in understanding the functionalities and purposes of a suspicious sample. Methods: This paper makes use of Radare, one of the most popular open source tools for reverse engineering, with the aim of dealing with malware. Results: A use case related to hacking of anti-sandbox malware is presented, in such a way that it is possible to analyze the behavior of the sample using a sandbox. Additionally, another use case is presented in which an in-depth analysis of a malicious Android application aimed at the audience of a popular event (FIFA World Cup 2018) is developed, making it possible to demonstrate the relevance of reverse engineering techniques in end-user protection strategies. Conclusions: This paper shows how the results of a reverse engineering process can be integrated with Yara rules, allowing for the detection of malware on the fly, and it also shows an alternative for automatically generating Yara rules through the yarGen generator. Originality: Use of open source reversing solutions by Colombian Law Enforcement Agencies has not been discussed previously, making this paper a notable element toward the modernization of the Army. Limitation: Different approaches and perspectives about the limitations in the use of reverse engineering by Law Enforcement Agencies are also shared. |
| dc.date.issued.none.fl_str_mv | 2019 |
| dc.date.accessioned.none.fl_str_mv | 2021-11-26T17:35:51Z |
| dc.date.available.none.fl_str_mv | 2021-11-26T17:35:51Z |
| dc.type.spa.fl_str_mv | Journal article |
| dc.type.coar.fl_str_mv | http://purl.org/coar/resource_type/c_2df8fbb1 |
| dc.type.coarversion.fl_str_mv | http://purl.org/coar/version/c_970fb48d4fbd8a85 |
| dc.type.version.spa.fl_str_mv | info:eu-repo/semantics/publishedVersion |
| dc.type.coar.spa.fl_str_mv | http://purl.org/coar/resource_type/c_6501 |
| dc.type.content.spa.fl_str_mv | Text |
| dc.type.driver.spa.fl_str_mv | info:eu-repo/semantics/article |
| dc.type.redcol.spa.fl_str_mv | http://purl.org/redcol/resource_type/ART |
| dc.identifier.issn.none.fl_str_mv | 23824220 |
| dc.identifier.uri.none.fl_str_mv | https://repositorio.escuelaing.edu.co/handle/001/1858 |
| dc.language.iso.spa.fl_str_mv | spa |
| dc.relation.citationvolume.spa.fl_str_mv | 15 |
| dc.relation.citationissue.spa.fl_str_mv | 2 |
| dc.relation.citationstartpage.spa.fl_str_mv | 1 |
| dc.relation.citationendpage.spa.fl_str_mv | 26 |
| dc.relation.indexed.spa.fl_str_mv | N/A |
| dc.relation.ispartofjournal.spa.fl_str_mv | Ingeniería Solidaria |
| dc.rights.coar.fl_str_mv | http://purl.org/coar/access_right/c_abf2 |
| dc.rights.uri.spa.fl_str_mv | https://creativecommons.org/licenses/by-nc-sa/4.0/ |
| dc.rights.accessrights.spa.fl_str_mv | info:eu-repo/semantics/openAccess |
| dc.rights.creativecommons.spa.fl_str_mv | Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) |
| dc.format.extent.spa.fl_str_mv | 26 pages. |
| dc.format.mimetype.spa.fl_str_mv | application/pdf |
| dc.publisher.spa.fl_str_mv | EDICIONES UCC PRODUCTS |
| dc.publisher.place.spa.fl_str_mv | Bogotá |
| dc.source.spa.fl_str_mv | https://revistas.ucc.edu.co/index.php/in/article/view/2745 |
| institution | Escuela Colombiana de Ingeniería Julio Garavito |
| bitstream.url.fl_str_mv | https://repositorio.escuelaing.edu.co/bitstream/001/1858/1/Using%20Reverse%20Engineering%20to%20Face%20Malware.pdf; https://repositorio.escuelaing.edu.co/bitstream/001/1858/2/license.txt; https://repositorio.escuelaing.edu.co/bitstream/001/1858/3/Using%20Reverse%20Engineering%20to%20Face%20Malware.pdf.txt; https://repositorio.escuelaing.edu.co/bitstream/001/1858/4/Using%20Reverse%20Engineering%20to%20Face%20Malware.pdf.jpg |
| bitstream.checksum.fl_str_mv | 809cccc695c022a0ccb87876f0e27c6b; 5a7ca94c2e5326ee169f979d71d0f06e; a30ec7c8e14dff7f38862c82a6354478; ad6bbb8103186a604700dd656577bd0e |
| bitstream.checksumAlgorithm.fl_str_mv | MD5 (all four bitstreams) |
| repository.name.fl_str_mv | Repositorio Escuela Colombiana de Ingeniería Julio Garavito |
| repository.mail.fl_str_mv | repositorio.eci@escuelaing.edu.co |