Describe one way that Polymorphic Viruses in x86 executables could be detected using the Cifuentes and Gough’s decompiler

Abstract

Apart from code maintenance, the decompiler can be used as a tool to detect viruses in binary programs. In this paper, the detection of a DOS-based polymorphic virus in x86 executables using the reverse-compiler tool will be presented. Starting from the front-end module of the decompiler, tools such as the parser, the disassembler and the signature generator will support the decompilation process by flagging suspicious machine code during intermediate-code and control-flow-graph generation. Data flow analysis and control flow analysis will be done in the UDM (universal decompiling machine) phase. In addition, malicious code can be extracted using a program-slicing algorithm, and the control flow graph will be modified to facilitate code generation in the back-end module. Variables and procedures will be renamed, and information about malicious behaviors will be reported as comments within each procedure to reveal the structure and behavior of the virus.
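The pipeline sketched in the abstract (front-end flagging of a suspicious instruction, program slicing during analysis, then comments in the generated listing), as an added illustration that is not part of the presentation or of the Cifuentes and Gough decompiler. The intermediate representation, the toy XOR decryptor loop, and the idea of flagging a store into the program's own code segment are all assumptions made here; only data dependences are followed, so the loop counter stays outside the slice.

```python
# Constructed IR of a toy XOR decryptor loop: idx -> (text, defs, uses, succs).
IR = {
    0: ("si = 0x200",      {"si"},  set(),          [1]),
    1: ("cx = 0x40",       {"cx"},  set(),          [2]),
    2: ("key = 0x5A",      {"key"}, set(),          [3]),
    3: ("ax = [si]",       {"ax"},  {"si"},         [4]),
    4: ("ax = ax xor key", {"ax"},  {"ax", "key"},  [5]),
    5: ("[si] = ax",       set(),   {"si", "ax"},   [6]),
    6: ("si = si + 1",     {"si"},  {"si"},         [7]),
    7: ("cx = cx - 1",     {"cx"},  {"cx"},         [8]),
    8: ("jnz 3",           set(),   {"cx"},         [3, 9]),
    9: ("ret",             set(),   set(),          []),
}
SUSPICIOUS = {5}  # store inside the code segment, flagged by a hypothetical front-end check

def predecessors(ir):
    preds = {i: [] for i in ir}
    for i, (_, _, _, succs) in ir.items():
        for s in succs:
            preds[s].append(i)
    return preds

def backward_slice(ir, criterion):
    """Data-flow backward slice: instructions whose definitions may reach the
    criterion's uses; a worklist over CFG predecessors handles the loop back-edge."""
    preds = predecessors(ir)
    in_slice, seen = {criterion}, set()
    work = [(p, frozenset(ir[criterion][2])) for p in preds[criterion]]
    while work:
        idx, live = work.pop()
        if (idx, live) in seen or not live:
            continue
        seen.add((idx, live))
        _, defs, uses, _ = ir[idx]
        if defs & live:                      # this instruction feeds the criterion
            in_slice.add(idx)
            live = (live - defs) | uses      # kill what it defines, add what it reads
        work.extend((p, frozenset(live)) for p in preds[idx])
    return sorted(in_slice)

def annotate(ir, suspicious):
    """Listing with comments marking each flagged store and its extracted slice."""
    sliced = {i for s in suspicious for i in backward_slice(ir, s)}
    lines = []
    for idx, (text, *_) in sorted(ir.items()):
        tag = ("  ; SUSPICIOUS: self-modifying store" if idx in suspicious
               else "  ; in decryptor slice" if idx in sliced else "")
        lines.append(f"{idx:>2}: {text}{tag}")
    return lines
```

Calling `annotate(IR, SUSPICIOUS)` marks instructions 0, 2, 3, 4 and 6 as the decryptor slice feeding the flagged store, while the counter setup and the jump (1, 7, 8) are left unmarked because control dependence is not tracked.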

Uploaded by: hye

Posted on 05-Jan-2016


Format: PowerPoint (PPT) presentation
