From Mole Hills to Mountains: Revealing Rich Header and Malware Triage


Posted on in Presentations

Obfuscation techniques used by malware authors make performing triage a monumentally challenging task. This presentation will show how to overcome this by extracting hidden PE32 fields (the Rich Header) and then performing rapid, near real-time triage across millions of samples. Furthermore, our method shows when malware has been built under different build environments, revealing potentially distinct actors.
Participants
Zachary Hanif

Participant

Head of Security Machine Learning, Capital One

George Webster

Participant

Ph.D. Candidate, Technical University Munich

