Hardware-assisted Packed Malware Analysis

10:30 am
Friday February 23rd, 2024
Room 3107
Patrick F. Taylor Hall
Over the past two decades, malware packed in a compressed or encrypted form has posed a significant challenge to malware forensics and to machine-learning-based malware classifiers. However, existing malware unpacking solutions often struggle to remain transparent to the packed malware they analyze. To advance packed malware analysis, my research explores the proper use of hardware features, such as hardware tracing mechanisms and hardware performance events, to represent unpacking behaviors. In this talk, I will first present work that tames the non-deterministic nature of hardware events for malware unpacking. Leveraging multiple hardware features, an obfuscation-resilient solution was developed that excels at identifying the original malware payload. Then, I will present the follow-up work that measures hardware events for packer classification and low-entropy packer detection. These approaches exhibit strong resistance to anti-unpacking methods that can impede their software-level counterparts. Security professionals using these techniques will enjoy a simpler and more streamlined malware unpacking process than ever before.

Erika Leal
Tulane University

Erika Leal is currently a Ph.D. candidate in the Department of Computer Science at Tulane University. Her research focuses on hardware-assisted malware analysis. In addition to her research, she is an instructor for a course tailored to non-programmers. Erika held an internship at the Pacific Northwestern National Lab and maintains active collaborations with fellow researchers. She has served as a PC member for the International Workshop on Cyber Security in High-Performance Computing at Supercomputing for two consecutive years.