An Exploration of shared code execution for malware analysis

Moses Ashawa, Nsikak Pius Owoh, Jackie Riley, Jude Osamor and Salaheddin Hosseinzadeh 2024. An Exploration of shared code execution for malware analysis. 2024 International Conference on Artificial Intelligence, Computer, Data Sciences and Applications (ACDSA). Victoria, Seychelles, 01 - 02 Feb 2024. IEEE. https://doi.org/10.1109/acdsa59508.2024.10467679

Title: An Exploration of shared code execution for malware analysis
Authors: Moses Ashawa, Nsikak Pius Owoh, Jackie Riley, Jude Osamor and Salaheddin Hosseinzadeh
Type: Conference paper

Abstract

In today's ever-evolving technology landscape, malware is one of the most significant threats faced by individuals and corporate organizations. With the increasing sophistication of malware attacks, detecting malware becomes harder as many malware variants use different techniques, such as obfuscation, to evade detection. Even though advanced techniques, such as the use of deep learning, prove to be of great success in classifying malware, the high computational resources needed for training and deploying deep learning models may not be feasible for all organizations or individuals. It is therefore essential to use less computationally demanding techniques to understand how malware can be analysed using shared code execution, which uses fewer computational resources. In this paper, we explored shared code execution as a novel approach for analysing and understanding the behaviour of malware. We dynamically analysed the shared code execution of the malicious payloads by looking at the dynamic link library found in NTDLL.dll. We demonstrated how samples make use of the LoadLibrary function using inline hooking techniques to overwrite the actual function code to create service execution and persistence using shared code execution. We identified functions that address the problem of encoding routines and domain obfuscation when malware uses SeDebugPrivilege to escalate privilege. Through realistic experiments, we found that executables such as the Mod_77D4 module change at different instances using XOR encoding operations for each payload byte with a pre-defined key. This helps sophisticated malware to create and bind address structures for remote control. Our proposed technique shows high analytical accuracy for sophisticated samples that use encoding and obfuscation methods to evade detection.

Year: 2024
Conference: 2024 International Conference on Artificial Intelligence, Computer, Data Sciences and Applications (ACDSA)
Publisher: IEEE
Version: Accepted author manuscript
File access level: Open (open metadata and files)
Publication dates
Published: 01 Feb 2024
Published online: 20 Mar 2024
Journal: 2024 International Conference on Artificial Intelligence, Computer, Data Sciences and Applications (ACDSA)
ISBN: 9798350394528
Digital Object Identifier (DOI): https://doi.org/10.1109/acdsa59508.2024.10467679
Web address (URL): http://dx.doi.org/10.1109/acdsa59508.2024.10467679

Related outputs

Digital Forensics Challenges in Cyberspace: Overcoming Legitimacy and Privacy Issues Through Modularisation
Ashawa, M., Mansour, A., Riley, J., Osamor, J. and Owoh, N.P. 2024. Digital Forensics Challenges in Cyberspace: Overcoming Legitimacy and Privacy Issues Through Modularisation. Cloud Computing and Data Science. 5 (1), pp. 140-156. https://doi.org/10.37256/ccds.512024

An Adaptive Temporal Convolutional Network Autoencoder for Malicious Data Detection in Mobile Crowd Sensing
Nsikak Owoh, Jackie Riley, Moses Ashawa, Salaheddin Hosseinzadeh, Anand Philip and Jude Osamor 2024. An Adaptive Temporal Convolutional Network Autoencoder for Malicious Data Detection in Mobile Crowd Sensing. Sensors. 24 (7) 2353. https://doi.org/10.3390/s24072353

Preprint: Enhancing Credit Card Fraud Detection: An Ensemble Machine Learning Approach
Abdul Rehman Khalid, Nsikak Owoh, Omair Uthmani, Moses Ashawa, Jude Osamor and John Adejoh 2024. Preprint: Enhancing Credit Card Fraud Detection: An Ensemble Machine Learning Approach. Preprints.org. https://doi.org/10.20944/preprints202312.1007.v1

Enhancing Credit Card Fraud Detection: An Ensemble Machine Learning Approach
Abdul Rehman Khalid, Nsikak Owoh, Omair Uthmani, Moses Ashawa, Jude Osamor and John Adejoh 2024. Enhancing Credit Card Fraud Detection: An Ensemble Machine Learning Approach. Big Data and Cognitive Computing. 8 (1) 6. https://doi.org/10.3390/bdcc8010006

Vehicular Propagation Velocity Forecasting Using Open CV
Udayan Das, Vandana Sharma, Madhabananda Das, Sushruta Mishra, Celestine Iwendi and Jude Osamor 2023. Vehicular Propagation Velocity Forecasting Using Open CV. 2023 4th International Conference on Computation, Automation and Knowledge Management (ICCAKM). Dubai, United Arab Emirates, 12 - 13 Dec 2023. IEEE. https://doi.org/10.1109/iccakm58659.2023.10449587

Twitter Sentiment Analysis and Emotion Detection Using NLTK and TextBlob
Nehal, Divyank Jeet, Vandana Sharma, Sushruta Mishra, Celestine Iwendi and Jude Osamor 2023. Twitter Sentiment Analysis and Emotion Detection Using NLTK and TextBlob. 2023 4th International Conference on Computation, Automation and Knowledge Management (ICCAKM). Dubai, United Arab Emirates, 12 - 13 Dec 2023. IEEE. https://doi.org/10.1109/iccakm58659.2023.10449540

Design and Implementation of an Optimized Mask RCNN Model for Liver Tumour Prediction and Segmentation
Raman Thakur, Dayal Rohan Volety, Vandana Sharma, Sushruta Mishra, Celestine Iwendi and Jude Osamor 2023. Design and Implementation of an Optimized Mask RCNN Model for Liver Tumour Prediction and Segmentation. 2023 4th International Conference on Computation, Automation and Knowledge Management (ICCAKM). Dubai, United Arab Emirates, 12 - 13 Dec 2023. IEEE. https://doi.org/10.1109/iccakm58659.2023.10449653

Sustainable Climatic Metrics Determination with Ensemble Predictive Analytics
Ashis Pattanaik, Vandana Sharma, Kanhaiya Kunj, Sushruta Mishra, Celestine Iwendi and Jude Osamor 2023. Sustainable Climatic Metrics Determination with Ensemble Predictive Analytics. 2023 4th International Conference on Computation, Automation and Knowledge Management (ICCAKM). Dubai, United Arab Emirates, 12 - 13 Dec 2023. IEEE. https://doi.org/10.1109/iccakm58659.2023.10449578

The Impact of Cyber Threats on the Global Food Supply Chain: a Focus on Grain Storage Security
Aliyu Yisa, Mohammed Gana Yisa, Jude Osamor and Mohammed Yisa 2023. The Impact of Cyber Threats on the Global Food Supply Chain: a Focus on Grain Storage Security. Authorea. https://doi.org/10.22541/au.169511622.28532721/v1

A big data study of language use and impact in radio broadcasting in China
Ruihua Zhang, Jincheng Zhou, Tao Hai, Shixue Zhang, Marvellous Iwendi, Mohd Asif Shah and Jude Osamor 2023. A big data study of language use and impact in radio broadcasting in China. Journal of Cloud Computing. 12 28. https://doi.org/10.1186/s13677-023-00399-6

Preprint: Higher Education Perceived Stress and Physical Stress: Big Data Analysis
Ruihua Zhang, Jincheng Zhou, Tao Hai, Shixue Zhang, Jude Osamor, Marvellous GodsPraise Iwendi and Mohammad Shah 2022. Preprint: Higher Education Perceived Stress and Physical Stress: Big Data Analysis. Research Square. https://doi.org/10.21203/rs.3.rs-2146058/v1

A novel trust-based security and privacy model for Internet of Vehicles using encryption and steganography
Manjari Singh Rathore, M. Poongodi, Praneet Saurabh, Umesh Kumar Lilhore, Sami Bourouis, Wajdi Alhakami, Jude Osamor and Mounir Hamdi 2022. A novel trust-based security and privacy model for Internet of Vehicles using encryption and steganography. Computers and Electrical Engineering. 102 108205. https://doi.org/10.1016/j.compeleceng.2022.108205

Inferences Derived from Reservoir Permeability Estimation Using Static and Dynamic Data: Core Data Analysis Versus Drawdown Tests
Francis Nwabia, Jude Osamor, Robinson Madu, Nkemakolam Izuwa and Anthony Chikwe 2021. Inferences Derived from Reservoir Permeability Estimation Using Static and Dynamic Data: Core Data Analysis Versus Drawdown Tests. in: Jia'en Lin (ed.) IPPTC 2021: Proceedings of the 2021 International Petroleum and Petrochemical Technology Conference. Springer Nature. pp. 184-196

Permalink: https://westminsterresearch.westminster.ac.uk/item/w8x61/an-exploration-of-shared-code-execution-for-malware-analysis
