Case Study: Trojan-Blocker Bulk Analysis

The Client

The client is a leading anti-virus software vendor with world-wide sales.

The Problem

Many Internet users are affected by malicious programs of the Trojan-Ransom family. These trojans lock the Windows desktop and demand a ransom to unlock it. The client set up a website where users can look up the numerical unlock code for their infection and restore the system without paying the criminals. The client needed lists of unlock codes extracted from huge archives of malware samples, together with an automated infrastructure capable of handling most of the samples without manual work.

The Engagement

  1. Design and Test Lab allocated a dedicated reverse-engineering resource.
  2. The client shared a set of malware samples.
  3. Design and Test Lab carried out initial research to group the samples into families, then designed and set up the infrastructure needed for bulk automated analysis.
  4. Developed the necessary automation scripts, and performed manual reverse engineering where automation was not beneficial.
  5. Provided the client with the results filled into a database, the algorithms used to identify the codes, and the automation scripts.

Benefits and Results

Design and Test Lab's analysts applied their knowledge to identify code patterns in the trojan families. The analysts derived algorithms that generate unblocking codes for the trojans. As a result, codes for 30,000+ malicious programs were identified automatically. The main task was completed in two months, after which the project moved to a support phase.

© 2011 "Design and Test Lab", LLC. All rights reserved.