Hack.lu 2016 KillTheHashes 30 million Malware DNA profiling exercise by Luciano Martins
Similar to human fingerprints, every piece of malware has its own unique digital fingerprint that differentiates it from others. As a result, malware will always attempt to hide its true self by deleting or changing this information to avoid detection by antivirus companies and malware researchers. Malware profiling allows malware hunters and analysts to interrogate the internals of malware and perform searches over a large number of file characteristics. For instance, instead of relying on file-level hashes, we can compute other features such as imported functions, strings, constants, file segments, code regions, or anything that is defined in the file type specification. We built a tool, CodexGigas, to perform those tasks; it provides more than 142 possible searchable patterns that can be combined. Since malware developers go to great lengths to obfuscate their characteristics, it is often difficult for researchers and malware analysts to identify multiple characteristics and correlation points. By analyzing malware internals, the algorithm is able to build characteristic families into which a new sample can be categorized and therefore identified for specific behavior, enabling early detection of new malware by comparing against existing malware. We will demonstrate the results of our work and the techniques and tool used to derive these results.

Bio: Luciano Martins
Luciano Martins is a Director in Threat Intel & Analytics at Deloitte who works in the areas of vulnerability assessment, black box testing, personnel training, hacking skills, and malware, and has strong reverse engineering skills. Luciano has nearly 20 years of experience in the security field. Prior to Deloitte, he founded the USSR LABS research group in Argentina and led it for five years.
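
The abstract's point about profiling on internal features rather than file-level hashes, as an added example that is not CodexGigas code or the speaker's algorithm. It assumes printable strings as the only feature, Jaccard overlap as the similarity measure, and a 0.5 threshold; all sample blobs and family names are constructed.

```python
import hashlib
import re

def features(blob: bytes, min_len: int = 5) -> frozenset:
    """Printable-ASCII strings of at least min_len bytes, used as the profile."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return frozenset(m.group().decode("ascii") for m in re.finditer(pattern, blob))

def jaccard(a: frozenset, b: frozenset) -> float:
    """Overlap of two feature sets: 1.0 identical, 0.0 disjoint."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0

def classify(blob: bytes, families: dict, threshold: float = 0.5):
    """Return (family, score) for the closest known profile, or (None, score)."""
    profile = features(blob)
    best_name, best_score = None, 0.0
    for name, members in families.items():
        score = max(jaccard(profile, features(m)) for m in members)
        if score > best_score:
            best_name, best_score = name, score
    return (best_name if best_score >= threshold else None, best_score)

def build(strings, junk: bytes) -> bytes:
    """Constructed stand-in for a binary: NUL-separated strings plus junk bytes."""
    return b"\x00".join(s.encode("ascii") for s in strings) + b"\x00" + junk

# Constructed sample data; none of these blobs are real malware.
FAMILIES = {
    "family_a": [build(["InternetOpenA", "RegSetValueExA", "CreateMutexA",
                        "Global\\demo_mutex_01", "update.example.test"], b"\x01\x02")],
    "family_b": [build(["FindFirstFileW", "FindNextFileW", "CryptEncrypt",
                        "README_RESTORE.txt", ".locked_demo"], b"\x03\x04")],
}
KNOWN_HASHES = {hashlib.sha256(m).hexdigest() for ms in FAMILIES.values() for m in ms}

# A modified variant of family_a: one string changed, different padding bytes.
VARIANT = build(["InternetOpenA", "RegSetValueExA", "CreateMutexA",
                 "Global\\demo_mutex_02", "update.example.test"], b"\x7f\x80\x81")
UNRELATED = build(["printf", "hello, world", "libc.so.6"], b"\x05")

if __name__ == "__main__":
    print("hash known:", hashlib.sha256(VARIANT).hexdigest() in KNOWN_HASHES)
    print("variant   :", classify(VARIANT, FAMILIES))
    print("unrelated :", classify(UNRELATED, FAMILIES))
```

The variant's SHA-256 matches nothing in the known set, yet four of its five strings overlap with the stored family_a profile, so the feature comparison still places it in that family.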