Last-minute presentation: Novel code obfuscation with COM

Robert Freeman IBM

  download slides (PDF)

In the future, will synergistic relationships between scripting engine extensions and script languages like JavaScript emerge as an obfuscation trend? What detection logic will work and what will not?

Over time, code obfuscation techniques have become increasingly esoteric. Early forms of binary code obfuscation consisted of self-modifying code and junk bytes between instructions. With the advent of executable wrappers, even compression and encryption are reasonably thought of in terms of obfuscation. Later, 'stolen bytes' were cutting edge. This technique involves setting up an exception handler or secondary debugging process to perform actions at points in execution where code has been yanked. Still, the older techniques were put to good use. Now, Virtual CPU envelopes are at the bleeding edge of malware-wrapping technology and are typically difficult to build as well as unwrap.

This presentation will discuss a novel way to facilitate code obfuscation using a thin COM proxy between ActiveScript and the Windows API. In other words, writing Windows applications in JavaScript. Highlights of this talk include detection opportunities and challenges as well as display of various sample applications using this approach.

