Blending Fuzzing and Symbolic Execution for Malware Analysis
Amiri, Addison O.
Malware infections have grown at least five-fold in the past five years. With an increase in IoT devices that lack built-in security, this problem is likely to keep growing. Malware analysis, meanwhile, is becoming ever more challenging. Where manual analysis, symbolic execution, or fuzzing alone is overly time-consuming or unfruitful, a combination of these techniques may offer promising solutions. This paper suggests a combination of fuzzing and symbolic execution to reverse engineer malware. A framework is described that ties these components together, producing test cases that exercise all functionality of a malware binary. These test cases show researchers the protocol used by the malware, as well as its capabilities, and allow the C&C server to be reconstructed as desired. The goal of this work is to allow researchers to better understand malware and how to combat it effectively.