The user action event generator design for leading malicious behaviors from malware in sandbox

Abstract

The number of malwares has been consistently growing for several years and the working platform of them was diversified. To analyze these malwares, an analyst uses automated investigation tools as sandbox. However, current malwares apply the various techniques to avoid the detection of the sandbox. Especially, it is hard to be analyzed when the malicious behavior is triggered by user events. In this paper, we propose methods to enter malicious behavior routine in the sample malware codes, which is happened during the virtual execution in the sandbox in order to perform the analysis of malware. We design the methods as the user action event generator using fuzzing. The malicious behaviors triggered by the generator are exported to the sandbox report as API list. We show the result of the event generator.