VM-packed Malware

Citation Author(s): Xin Zhao
Submitted by: Xin Zhao
Last updated: Mon, 02/26/2024 - 06:40
DOI: 10.21227/1d4e-ta45

Abstract

This research uses real-world malware samples that have been protected with the latest VM-based packers and digitally signed so that they execute at runtime. For academic research purposes only, these packed malware samples are provided as running instances to support behavioral, forensic and detection analysis. Users are warned of the risks of executing unknown malicious programs and should not install or propagate these files outside a controlled experimental environment. By analyzing this up-to-date corpus of packed malware protected with state-of-the-art obfuscation, we aim to spur further research into malware evasion tactics and into the corresponding analysis techniques and countermeasures. The samples reflect an evolving malware landscape that demands more robust and generalized solutions. We caution users against irresponsible use of these specimens and advocate solely an educational and investigative role under safe containment procedures.

Instructions:

To use the dataset safely, it is recommended to:

  1. Run the samples in a sandbox environment, never directly on physical machines. The sandbox isolates the risks the samples introduce.
  2. Ensure the Android system version in the sandbox environment is above 5.0. Newer Android versions usually have stronger security mechanisms.
  3. Disconnect the sandbox from external networks while running the samples. This prevents incidents arising from network access.
  4. Physically isolate the host machines from other machines, and avoid exposing real-world data to the samples.
  5. Check the inputs and outputs of the sandbox to prevent unsafe real-world content from entering the dataset.
  6. Regularly reset the sandbox environment and rebuild the isolated runtime.
  7. Encrypt sensitive information in the dataset to prevent leaks.
  8. Monitor the runtime state of the samples and keep logs for post-incident investigation.
  9. Have a security response plan ready to quickly minimize damage in case of an incident.