Obfuscation techniques used by malware authors make triage a monumentally challenging task. This presentation will show how to overcome this by extracting hidden PE32 fields and then performing rapid, near real-time triage across millions of samples. Furthermore, our method shows when malware has been built under different build environments, revealing potentially distinct actors.