Project Description:

Malicious code detection and removal is very important to the security of a computer system. This project presents methodologies and tools to detect any malicious code present in the system, and it can be used as a preventive measure to protect the system from being infected. Malicious code analysis can be static or dynamic.

Static code analysis performs control flow and data flow analysis of a program to detect malware. Dynamic code analysis has an edge over static analysis: the instructions are analyzed as the code is being executed, so polymorphic malware can also be detected. The dynamic technique makes use of a virtual environment to perform the analysis. Some malware can also detect the virtual environment and change its behavior accordingly to hide itself from the defensive system. Thus dynamic analysis in a virtual environment is not an effective tool unless it is used together with some other tool that can detect this evasive behavior of malware. The proposed tool examines the code in a virtual environment along with a minifilter driver and detects any malicious code present. The minifilter driver is used to monitor Windows API calls and registry changes, and to generate reports. These reports can be analyzed to categorize a program as malware or as a normal program.
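The last step, analyzing the driver's reports to categorize a program, can be illustrated with a small rule-based scorer. This is an added example, not the project's own code: the report line format, the rules, the weights and the threshold are assumptions, since the page does not specify them, and the sample reports are constructed.

```python
import re
from typing import Dict, List, Tuple

# Scoring rules: (rule name, regex over one report line, weight). The rules,
# weights and threshold are assumptions made for this example; the project's
# own categorization criteria are not given on the page.
RULES: List[Tuple[str, re.Pattern, int]] = [
    ("persistence_run_key",
     re.compile(r"^REG_SET .*\\CurrentVersion\\Run\\"), 3),
    ("remote_memory_write", re.compile(r"^API WriteProcessMemory\b"), 2),
    ("remote_thread_create", re.compile(r"^API CreateRemoteThread\b"), 2),
    ("vm_environment_probe",
     re.compile(r"^REG_QUERY .*(VBox|VMware|VirtualBox)"), 2),
]
MALWARE_THRESHOLD = 5


def analyze_report(report: str) -> Dict[str, object]:
    """Parse a monitoring report and return matched rules, score and verdict."""
    hits: Dict[str, int] = {}
    for line in report.strip().splitlines():
        for name, pattern, _weight in RULES:
            if pattern.search(line):
                hits[name] = hits.get(name, 0) + 1
    # Each rule counts once toward the score however many lines matched it,
    # so a noisy but harmless program is not pushed over the threshold.
    score = sum(weight for name, _p, weight in RULES if name in hits)
    verdict = "malware" if score >= MALWARE_THRESHOLD else "normal"
    return {"hits": hits, "score": score, "verdict": verdict}


# Constructed sample reports in the hypothetical line format
# "<EVENT> <subject>" (API call, REG_SET, REG_QUERY); not real captures.
SUSPICIOUS_REPORT = r"""
API CreateFileW C:\Users\demo\AppData\Local\Temp\upd.exe
REG_SET HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd
API WriteProcessMemory explorer.exe
API CreateRemoteThread explorer.exe
REG_QUERY HKLM\SYSTEM\CurrentControlSet\Services\VBoxGuest
"""
BENIGN_REPORT = r"""
API CreateFileW C:\Users\demo\Documents\notes.txt
REG_QUERY HKCU\Software\Microsoft\Office\16.0\Common
API WriteFile C:\Users\demo\Documents\notes.txt
"""

if __name__ == "__main__":
    for label, rep in (("suspicious", SUSPICIOUS_REPORT), ("benign", BENIGN_REPORT)):
        print(label, analyze_report(rep))
```

The registry probe rule reflects the page's point that malware may check for a virtual environment; a report showing such a probe is itself a signal worth scoring.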