Tuesday 28th May, 2013
1:50pm to 2:40pm
Modern malware uses many obfuscation techniques to make its code harder for malware analysts to understand, in the hope of preventing attempts to reverse engineer it. Unfortunately, malware analysts still reverse such code manually, since there are no reliable tools to help with this problem.
OptiCode is the answer to this headache. Our tool combines theorem prover and compiler techniques to automatically find and remove the obfuscated sections, then presents the cleaned code to the users. Available as a Web-based tool and IDA plugin, OptiCode is user-friendly, and supports both 32-bit and 64-bit Intel platforms.
In this talk, we will analyze some obfuscation techniques in use by malware, and introduce the design and implementation of OptiCode. Some cool demos will be presented, so the audience can see how OptiCode works in reality.