VirusBattle for Malware Signature Generation

VirusBattle can analyze a large collection of labelled malware and generate semantic signatures common to a family. Its analyses can locate and identify even the smallest set of procedures common to a family and generate obfuscation-resistant, semantically meaningful signatures.

VirusBattle can also perform probabilistic analysis to calculate a confidence value with which it assigns a new malware variant to a known family.

The graph below shows the number of procedures (y-axis) against the percentage of nitol binaries in which they are found (x-axis), as identified by VirusBattle. The graph shows that VirusBattle is capable of finding the needle in the haystack! It successfully generated juice-based signatures for the set of 5 procedures that were present in more than 95% of nitol executables.

[Figure: nitol Proc Sharing.png]
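
The selection the graph describes can be reproduced on any set of per-binary procedure identifiers. The following is an added illustration, not VirusBattle's algorithm or SDK code; the function names and the constructed corpus (plain strings standing in for juice hashes) are assumptions.

```python
from collections import Counter
from fractions import Fraction

def procedure_prevalence(family):
    """Map each procedure id to the exact share of binaries containing it."""
    if not family:
        raise ValueError("empty family corpus")
    counts = Counter()
    for procs in family.values():
        counts.update(set(procs))  # a procedure counts once per binary
    return {p: Fraction(n, len(family)) for p, n in counts.items()}

def sharing_histogram(prevalence, bucket_pct=10):
    """Procedures per prevalence bucket: the data behind the graph."""
    hist = Counter()
    for share in prevalence.values():
        lo = int(share * 100 // bucket_pct) * bucket_pct
        hist[min(lo, 100 - bucket_pct)] += 1  # fold 100% into the top bucket
    return dict(sorted(hist.items()))

def signature_candidates(prevalence, min_share=Fraction(95, 100)):
    """Procedures present in strictly more than min_share of the binaries."""
    return sorted(p for p, share in prevalence.items() if share > min_share)

def build_sample():
    """Constructed corpus: 20 binaries, strings stand in for juice hashes."""
    family = {}
    for i in range(20):
        procs = ["core_a", "core_b", "core_a"]  # duplicate within one binary
        if i != 0:
            procs.append("core_c")              # 19/20 = exactly 95%, excluded
        if i % 2 == 0:
            procs.append("packer_stub")         # 50%
        procs.append(f"unique_{i}")             # 5% each
        family[f"sample_{i:02d}"] = procs
    return family

if __name__ == "__main__":
    prevalence = procedure_prevalence(build_sample())
    for lo, n in sharing_histogram(prevalence).items():
        print(f"{lo:3d}-{lo + 10:3d}%  {n} procedures")
    print("signature candidates:", signature_candidates(prevalence))
```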