Volume 7 Number 8 (Aug. 2012)
Home > Archive > 2012 > Volume 7 Number 8 (Aug. 2012) >
JSW 2012 Vol.7(8): 1706-1712 ISSN: 1796-217X
doi: 10.4304/jsw.7.8.1706-1712

Reverse Analysis of Malwares: A Case Study on QQ Passwords Collection

Luo Wenhua, Li Na, and Tang Yanjun

Computer Crime Investigation Department of China Criminal Police University, Shenyang, China

Abstract—Malware analysis is becoming an important specialization in the field of digital investigation. Reverse analysis is the most common method in analyzing malware. The reverse analysis process is an advanced and efficient method that exposes the intention and processes of malware. This paper introduces the basic concepts, methods, and tools of the reverse analysis process. A true case study of malware in China, used to obtain QQ account information and passwords, is presented to illustrate the whole process of the reverse analysis process of malware from the aspects of checking pack, unpacking, breakpoint setting, program tracing, anti-kill technique and key information acquiring.

Index Terms—Malware; Digital Investigation; Reversing; QQ Passwords Collecting; Start Function; Shell; Windows API


Cite: Luo Wenhua, Li Na, and Tang Yanjun, "Reverse Analysis of Malwares: A Case Study on QQ Passwords Collection," Journal of Software vol. 7, no. 8, pp. 1706-1712, 2012.

General Information

ISSN: 1796-217X (Online)
Frequency:  Quarterly
Editor-in-Chief: Prof. Antanas Verikas
Executive Editor: Ms. Yoyo Y. Zhou
Abstracting/ Indexing: DBLP, EBSCO, CNKIGoogle Scholar, ProQuest, INSPEC(IET), ULRICH's Periodicals Directory, WorldCat, etc
E-mail: jsw@iap.org
  • Apr 26, 2021 News!

    Vol 14, No 4- Vol 14, No 12 has been indexed by IET-(Inspec)     [Click]

  • Nov 18, 2021 News!

    Papers published in JSW Vol 16, No 1- Vol 16, No 6 have been indexed by DBLP   [Click]

  • Dec 24, 2021 News!

     Vol 15, No 1- Vol 15, No 6 has been indexed by IET-(Inspec)   [Click]

  • Jan 04, 2024 News!

    JSW will adopt Article-by-Article Work Flow

  • Dec 06, 2019 News!

    Vol 14, No 1- Vol 14, No 4 has been indexed by EI (Inspec)   [Click]