Development of the method and program model of the static analyzer of harmful files

Abstract

The subject of research in this article is the methods of analyzing malicious software. The goal is to improve the secure functioning of computer systems (CS) and protect them from the effects of computer viruses. Research target: the research of modern means of software antivirus protection; analysis of the methods of creating a file signature; the development of a software model for static file detection, based on the analysis of the PE structure; the generation of tables of features that are inherent to families of viruses such as Worms, Backdor, Trojan; the obtainment binary signatures of malicious and secure software. The methods used are: analysis of the code in a Hex file, file hashing algorithms. The following results are obtained. The PE-structure of the file has been analyzed; sections have been selected for further analysis. A software model of static file detection has been developed and the analysis of secure and malicious files has been performed. Features in the form of strings and API functions have been selected; a bitmask has been formed for further file analysis. 3500 files of malicious and safe software has been scanned, their analysis has been performed. Signatures of each malicious file have been encoded and stored in the signature database. Using the developed software model, a study has been made of the possibility of detecting modifications to malicious software. Conclusions. A method and software model of static detection of malicious files has been developed, which allow automatic obtainment of a set of file features and draw a conclusion about the severity of the file.