Malware self protection mechanism issues in conducting malware behaviour analysis in a virtual environment as compared to a real environment

Abstract

Malware writers are constantly trying to defeat and hinder malware analysis with malware self protection mechanism. There are two main methods of malware analysis which are reverse engineering and behaviour analysis. Reverse engineering consists of static and dynamic code analysis. Behaviour analysis studies the malware's interaction in and out of the infected host. Behaviour analysis will always be a faster method compared to reverse engineering due to its more visual approach. This study will analyse issues related to malware self protection mechanism in conducting malware behaviour analysis in a virtual environment as compared to a real environment and suggestion(s), on how to overcome the problem.