Improving Scalable, Automated Baremetal Malware Analysis presented at CounterMeasure 2014

by Paul Royal, Adam Allred

Summary: Detection of virtualized malware analysis environments has become increasingly common and commoditized; sophisticated virtualization-detection techniques are now available to even a novice cyber criminal. In response, several analysis environments have been built to address the transparency shortcomings of virtualization. One such response is the creation of baremetal malware analysis systems.
The challenge of baremetal malware analysis lies in reliably automating the processing of large volumes of malware while having less control over the analysis environment than traditional virtualized systems provide. In this presentation we examine NVMTrace, an open source baremetal malware analysis framework. To improve the state of the art, we describe enhancements that both further increase the system's transparency and improve its reliability.