Journal articles

Code synchronization by morphological analysis

Guillaume Bonfante 1 Jean-Yves Marion 1, * Fabrice Sabatier 1 Aurélien Thierry 1
* Corresponding author
1 CARTE - Theoretical adverse computations, and safety
Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract: Reverse-engineering malware code is a difficult task, usually full of traps set by the malware writers. Since the quality of defense software depends largely on the analysis of the malware, it becomes crucial to help software investigators with automatic tools. We describe and present a tool which synchronizes two related binary programs. Our tool finds some common machine instructions between two programs and may display the correspondence instruction by instruction in IDA. Experiments were performed on many malware samples such as Stuxnet, Duqu, Sality or Waledac. We have rediscovered some of the links between Duqu and Stuxnet, and we point out OpenSSL's use within Waledac.

Cited literature [8 references]
Contributor: Aurélien Thierry
Submitted on: Wednesday, December 12, 2012 - 4:34:15 PM
Last modification on: Tuesday, December 18, 2018 - 4:48:02 PM
Document(s) archived on: Sunday, December 18, 2016 - 12:23:09 AM


Files produced by the author(s)


  • HAL Id : hal-00764286, version 1



Guillaume Bonfante, Jean-Yves Marion, Fabrice Sabatier, Aurélien Thierry. Code synchronization by morphological analysis. 7th International Conference on Malicious and Unwanted Software (Malware 2012), IEEE Xplore, 2012. ⟨hal-00764286⟩


