JSW 2012 Vol.7(8): 1706-1712 ISSN: 1796-217X
doi: 10.4304/jsw.7.8.1706-1712
doi: 10.4304/jsw.7.8.1706-1712
Reverse Analysis of Malwares: A Case Study on QQ Passwords Collection
Luo Wenhua, Li Na, and Tang Yanjun
Computer Crime Investigation Department of China Criminal Police University, Shenyang, China
Abstract—Malware analysis is becoming an important specialization in the field of digital investigation. Reverse analysis is the most common method in analyzing malware. The reverse analysis process is an advanced and efficient method that exposes the intention and processes of malware. This paper introduces the basic concepts, methods, and tools of the reverse analysis process. A true case study of malware in China, used to obtain QQ account information and passwords, is presented to illustrate the whole process of the reverse analysis process of malware from the aspects of checking pack, unpacking, breakpoint setting, program tracing, anti-kill technique and key information acquiring.
Index Terms—Malware; Digital Investigation; Reversing; QQ Passwords Collecting; Start Function; Shell; Windows API
Abstract—Malware analysis is becoming an important specialization in the field of digital investigation. Reverse analysis is the most common method in analyzing malware. The reverse analysis process is an advanced and efficient method that exposes the intention and processes of malware. This paper introduces the basic concepts, methods, and tools of the reverse analysis process. A true case study of malware in China, used to obtain QQ account information and passwords, is presented to illustrate the whole process of the reverse analysis process of malware from the aspects of checking pack, unpacking, breakpoint setting, program tracing, anti-kill technique and key information acquiring.
Index Terms—Malware; Digital Investigation; Reversing; QQ Passwords Collecting; Start Function; Shell; Windows API
Cite: Luo Wenhua, Li Na, and Tang Yanjun, "Reverse Analysis of Malwares: A Case Study on QQ Passwords Collection," Journal of Software vol. 7, no. 8, pp. 1706-1712, 2012.
General Information
ISSN: 1796-217X (Online)
Frequency: Quarterly
Editor-in-Chief: Prof. Antanas Verikas
Executive Editor: Ms. Yoyo Y. Zhou
Abstracting/ Indexing: DBLP, EBSCO, CNKI, Google Scholar, ProQuest, INSPEC(IET), ULRICH's Periodicals Directory, WorldCat, etc
E-mail: jsweditorialoffice@gmail.com
-
Mar 01, 2024 News!
Vol 19, No 1 has been published with online version [Click]
-
Jan 04, 2024 News!
JSW will adopt Article-by-Article Work Flow
-
Apr 01, 2024 News!
Vol 14, No 4- Vol 14, No 12 has been indexed by IET-(Inspec) [Click]
-
Apr 01, 2024 News!
Papers published in JSW Vol 18, No 1- Vol 18, No 6 have been indexed by DBLP [Click]
-
Nov 02, 2023 News!
Vol 18, No 4 has been published with online version [Click]