Deobfuscator: An Automated Approach to the Identification and Removal of Code Obfuscation

Authors:
Jason Raber;Eric Laspe
Affiliations:
-;-
Venue:
WCRE '07 Proceedings of the 14th Working Conference on Reverse Engineering
Year:
2007

Citing 0
Cited 3

Large-scale malware indexing using function-call graphs

Proceedings of the 16th ACM conference on Computer and communications security
binOb+: a framework for potent and stealthy binary obfuscation

ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
MutantX-S: scalable malware clustering based on static features

USENIX ATC'13 Proceedings of the 2013 USENIX conference on Annual Technical Conference

Quantified Score

Hi-index	0.00

Visualization

Abstract

The Deobfuscator is an IDA Pro plug-in that neutralizes anti-disassembly code and transforms obfuscated code to simplified code in the actual binary. This plug-in is used in conjunction with a binary injector to remove obfuscated code and replace it with a simplified, transformed equivalent. We developed this tool in assessing strengths of protections and malware analysis for DoD government entities and commercial companies.