Methods and systems for analyzing environment-sensitive malware with coverage-guided fuzzing

Abstract

The present invention concerns methods and systems for analyzing a software program as a potential environment-sensitive malware sample. The methods and systems described here may comprise monitoring access to environmental information, altering according to an execution policy the contents of environmental information items before retrieval by the program, recording as coverage information the internal states and the externally observable actions from the program execution, using recoded coverage information to generate in a fuzzing fashion execution policies with new contents for environmental information items, and identifying execution policies that induce previously unseen internal states and externally observable actions for the program.

CPC Classifications