The paper is available here: http://rozinov.sfs.poly.edu/papers/b...ysis_v.1.0.pdf
The goal of this paper is to try to answer the following three questions:
1. How do you reverse engineer a virus?
2. Can reverse engineering a virus lead to better ways of detecting, preventing, and recovering from a virus and its future variants?
3. Can reverse engineering be done more efficiently?
The paper is organized into five sections and two appendixes. Section 1 is the introduction. Section 2 reviews basic x86 concepts, including registers, assembly, runtime data structures, and the stack. Section 3 gives a brief introduction to viruses, their history, and their types. Section 4 delves into the Beagle virus disassembly, including describing the techniques and resources used in this process as well as presenting a high-level functional flow of the virus. Section 5 presents the conclusions of this research. Appendix A provides a detailed disassembly of the Beagle virus, while Appendix B presents the derived source code of the Beagle virus, as a result of this research.
Please comment on it! I appreciate all feedback.
Thanks,
Konstantin Rozinov