Static Analysis of Malware to Detect Exception Return

摘要

Malware is rapidly becoming a major security issue. In order to avoid being analyzed statically, malwares resort to various obfuscation techniques to hide their malicious behaviors. The technique based on the exception return of subroutine is one of the techniques. Currently disassemblers couldn't deal with malware which uses this technique. This paper presents a static disassembly algorithm base on virtual stack for handling malware with exception return. The result of the test proves that the algorithm is effective.