Evading Malware Analysis Using Reverse Execution

Cryptography and Security 2021-11-30 v1

Abstract

Malware is a security threat, and various means are adapted to detect and block it. In this paper, we demonstrate a method by which malware can evade malware analysis. The method is based on single-step reverse execution of code using the self-debugging feature. We discuss how self-debugging code works and use that to derive reverse execution for any payload. Further, we demonstrate the feasibility of detection-evading malware through a real reference implementation that targets the Linux x86-64 architecture. The reference implementation produces one result when run in one direction and a different result when run in the reverse direction.

Cite

@article{arxiv.2111.13894,
  title  = {Evading Malware Analysis Using Reverse Execution},
  author = {Adhokshaj Mishra and Animesh Roy and Manjesh Kumar Hanawal},
  journal= {arXiv preprint arXiv:2111.13894},
  year   = {2021}
}