
Opticode: machine code deobfuscation for malware analysts

A session at CONFidence 2013

  • Nguyen Anh Quynh

Tuesday 28th May, 2013

1:50pm to 2:40pm (WMT)

Modern malware uses many obfuscation techniques to make its code more difficult for malware analysts to understand, in the hope of preventing attempts to reverse engineer it. Unfortunately, malware analysts still reverse such nasty code manually, since there are no reliable tools to help with this problem.

OptiCode is the answer to this headache. Our tool combines theorem prover and compiler techniques to automatically find and remove the obfuscated sections, then presents the cleaned code to the users. Available as a Web-based tool and IDA plugin, OptiCode is user-friendly, and supports both 32-bit and 64-bit Intel platforms.

In this talk, we will analyze some obfuscation techniques used by malware, and introduce the design and implementation of OptiCode. Some cool demos will be presented, so the audience can see how OptiCode works in practice.

About the speaker

Nguyen Anh Quynh


CONFidence 2013

Poland, Krakow

28th to 29th May 2013


Short URL

lanyrd.com/schpmd

Official session page

2013.confidence.org.pl/…enda
