This application relates to malware protection programs.
Malware authors and malware protection program authors are constantly engaging in a game of cat and mouse. The malware protection program authors attempt to write malware protection programs that identify and eliminate the threats posed by malware programs, and the malware authors attempts to generate malware programs that avoid detection. Malware protection programs employ numerous methods for detecting known malware. For example, malware protection programs can detect known malware programs based on the signature associated with the program, or they can analyze the properties of the malware program and identify it based on certain characteristics of the source code.
Malware authors use various methods of obfuscating malicious code. Obfuscating malware code makes it more difficult for malware protection programs to detect the malware code because the harmful properties of the malware code cannot be detected in the obfuscated code. For example, one common malware obfuscation technique is known as Control Flow Graph obfuscation. Control Flow Graph obfuscation is a technique that modifies the control of the malware program (i.e., the malware program) by strategically inserting “jump” instructions into the code, or manipulating “call” instructions in the code. However, the malware programs remain harmful to a system.