An Automated Tool for Malware Analysis and Classification

  • Siti Rahayu Selamat
  • Thiam Tet Ng

Abstract

Malware attacks continue to increase. They cause many unwanted disturbances in the networks and systems they target. Furthermore, malware is hard to identify because of the huge number of samples and their unknown activities. An automated tool is therefore needed to analyze malware samples and identify their activities. To that end, malware analysis is integrated into the tool so that it can identify the activities of the malware. The analysis method used is the hybrid analysis technique, which combines static and dynamic analysis. Static analysis is a technique in which malware is dissected and reverse engineered to gain more information without executing it. In contrast, dynamic analysis executes the malware in a secure environment to observe the behavior and activities it carries out. In addition, the tool implements a classification method based on the application programming interface (API) calls made by the malware, which is capable of differentiating between a normal program and malware. The tool is developed in Java and Python. The result will be determined by the ability to log and identify malware activities via API calls, and the ability to classify and differentiate between malware and a normal program. In conclusion, the integration of malware analysis techniques and classification techniques will help provide more information to identify and differentiate malware from normal programs.

Published
2019-05-30
How to Cite
Selamat, S. R., & Ng, T. T. (2019). An Automated Tool for Malware Analysis and Classification. Journal of Advanced Computing Technology and Application (JACTA), 1(1), 33-39. Retrieved from https://jacta.utem.edu.my/jacta/article/view/5182
Section
Articles