Thesis Details
Vylepšování extrakce informací ze spustitelných souborů
This thesis deals with extension of an open-source decompiler project called RetDec maintained by the Avast company. The goal is to develop an extension of data extraction from executable files for malware analysis improvement. The thesis proposes several possible improvements on data extraction in the RetDec project. The most useful of these suggested enhancements are then selected and implemented. The selected enhancements involve calculating a hash of symbol names in Linux executable files and a more extensive analysis of Authenticode format, a Microsoft technology for digital signing of executable files for Windows operating systems. The thesis implements the selected additional data extractions in the RetDec project and tests them on real-world malware samples.
RetDec, reverse engineering, executable files, PE, ELF, malware, Authenticode, import hash, telfhash
Malinka Kamil, Mgr., Ph.D. (DITS FIT BUT), člen
Ryšavý Ondřej, doc. Ing., Ph.D. (DIFS FIT BUT), člen
Strnadel Josef, Ing., Ph.D. (DCSY FIT BUT), člen
Szőke Igor, Ing., Ph.D. (DCGM FIT BUT), člen
@bachelorsthesis{FITBT23240,
author = "Karel H\'{a}jek",
type = "Bachelor's thesis",
title = "Vylep\v{s}ov\'{a}n\'{i} extrakce informac\'{i} ze spustiteln\'{y}ch soubor\r{u}",
school = "Brno University of Technology, Faculty of Information Technology",
year = 2021,
location = "Brno, CZ",
language = "czech",
url = "https://www.fit.vut.cz/study/thesis/23240/"
}