56103 20200221144310.0 doi 10.1109/TLA.2016.7437254 sideral 95032 ART-2016-95032 spa (orcid)0000-0001-7982-0359 Rodriguez, Ricardo J. Universidad de Zaragoza Towards the detection of isolation-aware malware 2016 Access copy available to the general public Unrestricted Malware analysis tools have evolved in the last years providing tightly controlled sandbox and virtualised environments where malware is analysed minimising potential harmful consequences. Unfortunately, malware has advanced in parallel, being currently able to recognise when is running in sandbox or virtual environments and then, behaving as a non-harmful application or even not executing at all. This kind of malware is usually called analysis-aware malware. In this paper, we propose a tool to detect the evasion techniques used by analysis-aware malware within sandbox or virtualised environments. Our tool uses Dynamic Binary Instrumentation to maintain the binary functionality while executing arbitrary code. We evaluate the tool under a set of well-known analysis-aware malware showing its current effectiveness. Finally, we discuss limitations of our proposal and future directions. info:eu-repo/grantAgreement/ES/MICINN/TIN2014-58457-R info:eu-repo/semantics/openAccess by http://creativecommons.org/licenses/by/3.0/es/ 0.631 2016 ENGINEERING, ELECTRICAL & ELECTRONIC 221 / 260 = 0.85 2016 Q4 T3 COMPUTER SCIENCE, INFORMATION SYSTEMS 135 / 146 = 0.925 2016 Q4 T3 0.227 2016 Computer Science (miscellaneous) 2016 Q2 Electrical and Electronic Engineering 2016 Q3 info:eu-repo/semantics/article info:eu-repo/semantics/acceptedVersion Rodriguez Gaston, Iñaki Alonso, Javier 5007 570 Universidad de Zaragoza Dpto. Informát.Ingenie.Sistms. Área Lenguajes y Sistemas Inf. 14, 2 (2016), 1024-1036 IEEE LATIN AMERICA TRANSACTIONS 1548-0992 2169204 http://zaguan.unizar.es/record/56103/files/texto_completo.pdf Postprint 130689 http://zaguan.unizar.es/record/56103/files/texto_completo.jpg?subformat=icon icon Postprint oai:zaguan.unizar.es:56103 articulos driver 2020-02-21-13:36:52 ARTICLE