{"title":"An Instrumented Analysis of Unknown Software and Malware Driven by Free Libre Open Source Software","authors":"G. Wagener, A. Dulaunoy, T. Engel","doi":"10.1109/SITIS.2008.57","DOIUrl":null,"url":null,"abstract":"Reverse engineering is often the last resort for analyzing unknown or closed source software. Such an investigation is motivated by a risk evaluation of closed source programs or by evaluating consequences and countermeasures against infections by malicious programs that are often closed source. This article presents a success story where we used and modified free software serving as environment for analyzing unknown software. We explain how a malware sandbox can be constructed based on free software. Moreover we describe how we modified free software to improve malware analysis with additional features or extensions. Free software helped us to increase the accuracy of malware or unknown software analysis.","PeriodicalId":202698,"journal":{"name":"2008 IEEE International Conference on Signal Image Technology and Internet Based Systems","volume":"29 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2008-11-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"5","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2008 IEEE International Conference on Signal Image Technology and Internet Based Systems","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SITIS.2008.57","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 5
Abstract
Reverse engineering is often the last resort for analyzing unknown or closed source software. Such an investigation is motivated by a risk evaluation of closed source programs or by evaluating consequences and countermeasures against infections by malicious programs that are often closed source. This article presents a success story where we used and modified free software serving as an environment for analyzing unknown software. We explain how a malware sandbox can be constructed based on free software. Moreover, we describe how we modified free software to improve malware analysis with additional features or extensions. Free software helped us to increase the accuracy of malware or unknown software analysis.