Additional Material for the Multi-core malware paper.
MSc. Marcus Botacin, under the supervision of Prof. Dr. Paulo Lício de Geus -- Institute of Computing - University of Campinas and Prof. Dr. André Grégio -- Department of Informatics - Federal University of Paraná.
This material studies the impact of distributing malware code across multiple processes, threads and processor cores.
- Evasion: Multi-core-based evasion experiments.
  - GetNumCores: Checks the number of cores the current system has.
  - Simplest: Simplest code distribution strategy.
- Thread Identification and Monitoring: Background tests.
  - Test.Thread.Capture: Simple kernel driver which tracks Thread IDs.
  - Thread.Experiments: Experiments to perform core switch and PID/TID retrieval.
- Core Switching: Core switch experiments.
  - Switch.Monitor: A Branch-Monitor client able to track core switches.
- DLL Injection: DLL injection experiments used as proofs of concept.
  - DLL: Simple DLL to be injected.
  - Injector: Thread-based DLL Injector.
  - Injector.IPC: Process-based DLL Injector.
- Multi-Core Branch-Monitor: Multi-Core version of the BranchMonitor framework.
- Link To Be Added: VANILLA malware: Vanishing ANtiviruses by Interleaving Layers and Layers of Attacks, Marcus Botacin, Paulo de Geus, André Grégio -- Journal of Computer Virology and Hacking Techniques (2019)