Malware Decompiler Tool Goes Open Source

Published: 22/11/2024   Category: security




Avast's RetDec machine-code decompiler is now available for free on GitHub.



Anti-malware vendor Avast has donated its homegrown malware decompiler tool to the open-source community.
Avast's RetDec basically converts a piece of malware into a higher-level programming language and helps malware analysts unmask the inner workings and functions of its code. "It turns it into something that looks like the original source code," says Jakub Kroustek, threat lab team lead at Avast. It's much easier and more efficient to sleuth just what the malware can do when it's decompiled, he notes.
"We're facing millions of new samples of malware each day. We're not deeply analyzing all of them, but by using decompilation we can handle some more closely and quickly," says Kroustek, founder of the tool.
Researchers at Avast used the tool to decompile ransomware strains including Apocalypse, BadBlock, Bart, CrySIS, and TeslaCrypt, and then offer free decryption tools for the ransomware.
Decompiler tools provide static analysis of code, where researchers don't actually run the code but instead study it up close. Dynamic analysis is another method, where a researcher executes malicious code in the safety of a sandbox environment to study how it runs in action. "Sometimes it's right to use a sandbox, and other times it's beneficial to use a decompiler," he says. "In my case, I usually use both. When you're fighting bad guys, you try using every leverage you can," he says.
RetDec was first created in 2011 by researchers at the Czech Republic's Brno University of Technology and AVG Technologies, and the tool became Avast's last year after it acquired AVG. Kroustek says Avast hopes to get other security experts to help further its development as an open-source tool, which is aimed at researchers and reverse engineers.
Decompilation tools are nothing new. There are commercial products, which can be pricey and limited in customization, Kroustek says, while there are other open-source decompiler tools such as DCC, Boomerang, and Snowman, for example.
"While good decompilation tools are available that deliver good results, many are paid products; however, these cannot be easily extended with custom features," he says. "On the other hand, users can utilize existing, free, open-source decompilers, but these do not always achieve proper stability, code readability and quality."
John Bambenek, threat systems manager with Fidelis Cybersecurity, who also teaches at the University of Illinois at Urbana-Champaign, says an open-source decompiler such as Avast's can be especially helpful for academia. "I have limited funds and buying a bunch of IDA [Hex-Rays decompiler product] seats isn't going to happen. With something open-source, assuming it can get the job done, [the tool can] provide a great resource for me to produce more reverse engineers," he says.
Avast says the now open-source tool works on multiple architectures, file formats, and operating systems, and can be used for more than decompilation, too. It uses C and a Python-like language for output, and runs on Linux and Windows platforms. RetDec source code and related tools are available now on GitHub, under an MIT license.
"If someone isn't focused on decompilers, he or she can just use the libraries for detection of particular patterns in the malware, for example," Kroustek says.