SecureWorks Corp.
System and method for automation of malware unpacking and analysis

Abstract:

An information handling system includes a storage and a processor. The storage is configured to store malware samples and malware signatures. The processor is configured to unpack a malware sample, compare the malware sample to known malware families, extract a command-and-control domain, extract encryption keys and communication parameters, store a malware signature for the malware sample, the malware signature including information required to monitor a network for activity of the malware sample or detect the malware sample on another system, and provide the command-and-control server addresses, encryption keys, and communication parameters to a botnet tracker.

Status:

Grant

Type:

Utility

Filing date:

21 Mar 2017

Issue date:

28 Apr 2020