Obfuscation_Detection - Collection Of Scripts To Pinpoint Obfuscated Code
Automatically detect control-flow flattening and other state machines
Author: Tim Blazytko
Description:
Scripts and binaries to automatically detect control-flow flattening and other state machines in binaries.
Implementation is based on Binary Ninja. Check out the following blog post for more information:
Automated Detection of Control-flow Flattening
$ ./detect_flattening.py samples/finspy
Function 0x401602 has a flattening score of 0.9473684210526315.
Function 0x4017c0 has a flattening score of 0.9981378026070763.
Function 0x405150 has a flattening score of 0.9166666666666666.
Function 0x405270 has a flattening score of 0.9166666666666666.
Function 0x405370 has a flattening score of 0.9984544049459042.
Function 0x4097a0 has a flattening score of 0.9992378048780488.
Function 0x412c70 has a flattening score of 0.9629629629629629.
Function 0x412df0 has a flattening score of 0.9629629629629629.
Function 0x412f70 has a flattening score of 0.9927007299270073.
Function 0x4138e0 has a flattening score of 0.9629629629629629.
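To make the flattening scores in the output above concrete, here is an added example (not the project's code, and runnable without Binary Ninja) of a dominance-based score computed on two constructed control-flow graphs. It assumes the score is the largest fraction of a function's blocks dominated by a block that is also the target of a back edge from one of them; the function names and both graphs are made up for illustration.

```python
# Added illustration: dominance-based flattening score on constructed CFGs.
# Assumption: score = largest share of blocks dominated by a block that is
# also the target of a back edge from one of those blocks (a dispatcher).

def dominators(cfg, entry):
    """Return (dom, preds); dom[b] = blocks on every path from entry to b."""
    nodes = set(cfg)
    preds = {n: set() for n in nodes}
    for src, succs in cfg.items():
        for dst in succs:
            preds[dst].add(src)
    dom = {n: set(nodes) for n in nodes}
    dom[entry] = {entry}
    changed = True
    while changed:  # iterate to a fixed point
        changed = False
        for n in nodes - {entry}:
            incoming = [dom[p] for p in preds[n]]
            new = {n} | (set.intersection(*incoming) if incoming else set())
            if new != dom[n]:
                dom[n], changed = new, True
    return dom, preds

def flattening_score(cfg, entry):
    dom, preds = dominators(cfg, entry)
    best = 0.0
    for block in cfg:
        dominated = {n for n in cfg if block in dom[n]}
        # Back edge: a predecessor of `block` that `block` itself dominates.
        if any(p in dominated for p in preds[block]):
            best = max(best, len(dominated) / len(cfg))
    return best

# Constructed sample: a dispatcher that every case block jumps back to.
FLATTENED = {
    "entry": ["dispatcher"],
    "dispatcher": ["case1", "case2", "case3", "exit"],
    "case1": ["dispatcher"], "case2": ["dispatcher"], "case3": ["dispatcher"],
    "exit": [],
}
# Constructed sample: an if/else followed by a small loop.
STRUCTURED = {
    "entry": ["a", "b"], "a": ["join"], "b": ["join"], "join": ["loop_head"],
    "loop_head": ["loop_body", "exit"], "loop_body": ["loop_head"], "exit": [],
}

if __name__ == "__main__":
    for name, cfg in (("FLATTENED", FLATTENED), ("STRUCTURED", STRUCTURED)):
        print(f"{name}: {flattening_score(cfg, 'entry'):.4f}")
```

Under this heuristic a function whose body is one large ordinary loop also scores high, so the score is a triage signal for manual review rather than proof of obfuscation.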
Note
The password for the zipped malware samples is "infected". To unpack, use the following command line:
$ unzip -P infected samples.zip
Contact
For more information, contact @mr_phrazer.