Conference papers

Code synchronization by morphological analysis

Guillaume Bonfante 1, Jean-Yves Marion 1,*, Fabrice Sabatier 1, Aurélien Thierry 1
* Corresponding author
1 CARTE - Theoretical adverse computations, and safety
Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract: Reverse-engineering malware code is a difficult task, usually full of traps set by the malware writers. Since the quality of defense software depends largely on the analysis of the malware, it becomes crucial to help software investigators with automatic tools. We describe and present a tool which synchronizes two related binary programs. Our tool finds some common machine instructions between two programs and may display the correspondence instruction by instruction in IDA. Experiments were performed on many malware samples such as Stuxnet, Duqu, Sality or Waledac. We have rediscovered some of the links between Duqu and Stuxnet, and we point out OpenSSL's use within Waledac.
Document type :
Conference papers

Cited literature [8 references]
Contributor : Aurélien Thierry
Submitted on : Wednesday, December 12, 2012 - 4:34:15 PM
Last modification on : Saturday, June 25, 2022 - 7:39:32 PM
Long-term archiving on : Sunday, December 18, 2016 - 12:23:09 AM


Files produced by the author(s)


  • HAL Id : hal-00764286, version 1



Guillaume Bonfante, Jean-Yves Marion, Fabrice Sabatier, Aurélien Thierry. Code synchronization by morphological analysis. MALWARE 2012 - 7th International Conference on Malicious and Unwanted Software, Oct 2012, Fajardo, United States. ⟨hal-00764286⟩


