000056103 001__ 56103
000056103 005__ 20200221144310.0
000056103 0247_ $$2doi$$a10.1109/TLA.2016.7437254
000056103 0248_ $$2sideral$$a95032
000056103 037__ $$aART-2016-95032
000056103 041__ $$aspa
000056103 100__ $$0(orcid)0000-0001-7982-0359$$aRodriguez, Ricardo J.$$uUniversidad de Zaragoza
000056103 245__ $$aTowards the detection of isolation-aware malware
000056103 260__ $$c2016
000056103 5060_ $$aAccess copy available to the general public$$fUnrestricted
000056103 5203_ $$aMalware analysis tools have evolved in recent years, providing tightly controlled sandbox and virtualised environments where malware is analysed, minimising potential harmful consequences. Unfortunately, malware has advanced in parallel, being currently able to recognise when it is running in sandbox or virtual environments and then behaving as a non-harmful application or even not executing at all. This kind of malware is usually called analysis-aware malware. In this paper, we propose a tool to detect the evasion techniques used by analysis-aware malware within sandbox or virtualised environments. Our tool uses Dynamic Binary Instrumentation to maintain the binary functionality while executing arbitrary code. We evaluate the tool under a set of well-known analysis-aware malware showing its current effectiveness. Finally, we discuss limitations of our proposal and future directions.
000056103 536__ $$9info:eu-repo/grantAgreement/ES/MICINN/TIN2014-58457-R
000056103 540__ $$9info:eu-repo/semantics/openAccess$$aby$$uhttp://creativecommons.org/licenses/by/3.0/es/
000056103 590__ $$a0.631$$b2016
000056103 591__ $$aENGINEERING, ELECTRICAL & ELECTRONIC$$b221 / 260 = 0.85$$c2016$$dQ4$$eT3
000056103 591__ $$aCOMPUTER SCIENCE, INFORMATION SYSTEMS$$b135 / 146 = 0.925$$c2016$$dQ4$$eT3
000056103 592__ $$a0.227$$b2016
000056103 593__ $$aComputer Science (miscellaneous)$$c2016$$dQ2
000056103 593__ $$aElectrical and Electronic Engineering$$c2016$$dQ3
000056103 655_4 $$ainfo:eu-repo/semantics/article$$vinfo:eu-repo/semantics/acceptedVersion
000056103 700__ $$aRodriguez Gaston, Iñaki
000056103 700__ $$aAlonso, Javier
000056103 7102_ $$15007$$2570$$aUniversidad de Zaragoza$$bDpto. Informát.Ingenie.Sistms.$$cÁrea Lenguajes y Sistemas Inf.
000056103 773__ $$g14, 2 (2016), 1024-1036$$tIEEE LATIN AMERICA TRANSACTIONS$$x1548-0992
000056103 8564_ $$s2169204$$uhttps://zaguan.unizar.es/record/56103/files/texto_completo.pdf$$yPostprint
000056103 8564_ $$s130689$$uhttps://zaguan.unizar.es/record/56103/files/texto_completo.jpg?subformat=icon$$xicon$$yPostprint
000056103 909CO $$ooai:zaguan.unizar.es:56103$$particulos$$pdriver
000056103 951__ $$a2020-02-21-13:36:52
000056103 980__ $$aARTICLE