| Summary: | 碩士 === 健行科技大學 === 資訊工程系碩士班 === 103 === There are a large number of unknown malware sample recently. However, computer technology has not been developed in the past decade. It was told that quantity does not equal quality. But the quality of malware is improving with time. All kinds of anti-analysis technology is to conflict with information security personnel. Actually, samples analyze by manual analysis is inefficient. Besides, there have Anti-Analysis technology to disturb analysts, Because of that, there is an Automated Malware Analysis System to against them(Hereinafter referred to as SandBox). It not only have a environment that can be controlled and have monitor and collect sample modules, but also have static analysis, and the most important modules that can trigger samples. This system improve the efficiency of the analyzed sample and this is the best way to analyze sample until now. “While the priest climbs a post, the devil climbs ten”, malware developer start to develop Anti-SandBox technology. It will stop doing malicious behavior as soon as it detect there is a SandBox .Of course, SandBox can not detect suspicious information. This paper aims to study Anti-Sanbox or Anti-VM mechanism try to use existing SandBox technology for analysing malware, and find how the malware can avoide SandBox caught and identifying current running on what kind of SandBox software Finally, the experiment will out of into a single software technology, provding the user free with this technology for investigating SandBox environment.
|
|---|
