STUDIA UNIVERSITATIS

AMBIENTUM BIOETHICA BIOLOGIA CHEMIA DIGITALIA DRAMATICA EDUCATIO ARTIS GYMNAST. ENGINEERING EPHEMERIDES EUROPAEA GEOGRAPHIA GEOLOGIA HISTORIA HISTORIA ARTIUM INFORMATICA IURISPRUDENTIA MATHEMATICA MUSICA NEGOTIA OECONOMICA PHILOLOGIA PHILOSOPHIA PHYSICA POLITICA PSYCHOLOGIA-PAEDAGOGIA SOCIOLOGIA THEOLOGIA CATHOLICA THEOLOGIA CATHOLICA LATIN THEOLOGIA GR.-CATH. VARAD THEOLOGIA ORTHODOXA THEOLOGIA REF. TRANSYLVAN ROMÂNA ENGLISH INFOKIOSK CONTACT ADDRESSES SPECIAL ACCESS SUBSCRIPTION FORM NEWSLETTER & DOWNLOAD NEWEST ISSUES THIS YEAR ISSUES ALL ISSUES IN ARCHIVE FIND IN ARCHIVE HISTORY TODAY SCOP & OBJECTIVES THE TEAM


	The STUDIA UNIVERSITATIS BABEŞ-BOLYAI issue article summary The summary of the selected article appears at the bottom of the page. In order to get back to the contents of the issue this article belongs to you have to access the link from the title. In order to see all the articles of the archive which have as author/co-author one of the authors mentioned below, you have to access the link from the author's name.


	STUDIA INFORMATICA - Issue no. 1 / 2023

	Article:	MALWARE ANALYSIS AND STATIC CALL GRAPH GENERATION WITH RADARE2 . Authors: ATTILA MESTER.


	Abstract: DOI: 10.24193/subbi.2023.1.01 Published Online: 2023-07-20 pp. 5-20 VIEW PDF FULL PDF A powerful feature used in automated malware analysis is the static call graph of the executable file. Elimination of sandbox environment, fast scan, function call patterns beyond instruction level information – all of these motivate the prevalence of the feature. Processing and storing the static call graph of malicious samples in a scaled manner facilitates the application of complex network analysis in malware research. IDA Pro is one of the leading disassembler tools in the industry and can generate the call graph via GenCallGdl and GenFuncGdl APIs – a tool which was used in our previous works. In this paper an alternative analysis method is presented using another disassembler tool, Radare2, an open-source Unix-based software, which is also frequently used in this domain. Radare2 has Python support (among other languages), via the r2pipe package, thus enabling full scalability on Linux-based servers using containerized solutions. This paper offers a detailed technical description on how to use Radare2 to generate the static call graph of a PE file and a thorough comparison with the output of IDA Pro, as well as a public dataset on which the experiments were carried out. Received by the editors: 1 March 2023. 2010 Mathematics Subject Classification. 68P25, 68P30. 1998 CR Categories and Descriptors. D.4.6 [Security and Protection]: Subtopic – Invasive software. Keywords and phrases: malware analysis, static call graph, radare2, IDA Pro. 1https://www.av-test.org.




			Back to previous page