CACEE: Context Aware Concolic Execution Engine for Malware Analysis
An emerging pattern in malware is the use of public web services for command and control (C&C) infrastructure. This new trend, combined with the short lifespan of malware in the wild, makes extracting behaviors from malware in an automated fashion a difficult problem. The Context-Aware Concolic Execution Engine (CACEE) is a tool designed to recreate the original execution context, forcing Windows 32-bit malware to execute their payloads as if they were still operational. CACEE monitors the flow of data as the payload executes, and uses this information to synthesize the behaviors the malware exhibits. Three malware case studies that abuse public web services are analyzed with CACEE, and the results are compared against manual reverse engineering.