AMCAS: An Automatic Malicious Code Analysis System

Abstract

With the development of malicious code technology, the number of malicious code has continued to increase. So it is imperative to optimize the traditional manual analysis method by automatic malicious code analysis system. This paper presents AMCAS - an automatic malicious code analysis system. It includes malicious code static analyzer, dynamic analyzer and network behavior analyzer. Compared with some existing automatic analysis systems, this system integrates the advantages of static and dynamic analysis, and imports network behavior analysis. Static analyzer can get the unpacked binary code and CallGraph; dynamic analyzer can get the host behavior of malicious code and network behavior analyzer can get the malicious network behavior profile. Experiment shows that this system can get malicious code information efficiently.