File Disinfection Framework - Striking Back at Polymorphic Viruses

Explore an innovative approach to combating polymorphic viruses in this Black Hat USA 2012 conference talk. Delve into the File Disinfection Framework (FDF), an open-source project built on TitanEngine, designed to address the challenges of file disinfection and remediation. Learn about the framework's advanced features, including static analysis functionality, PE32/PE32+ file validation and repair, integrated hash database, and a unique x86 emulator. Discover how FDF combines static analysis and emulation to provide analysts with unprecedented control over the emulated environment. Gain insights into the framework's capabilities for decryption, decompression, and disinfection of complex malware. Understand how FDF tackles issues with PE file formats and offers solutions for reverting function name hashes. Explore the emulator's support for multiple processes, Windows structures, and API integration. Learn about the framework's specific functionality for disinfecting files infected with polymorphic viruses like Virut and Sality. Discover tools designed to aid in writing disinfection routines and automatic binary profiling. Gain exclusive access to the latest developments in this DARPA-supported project, presented for the first time at Black Hat USA 2012.