http://dx.doi.org/10.13089/JKIISC.2011.21.2.111

A study on neutralization malicious code using Windows Crypto API and an implementation of Crypto API hooking tool  

Song, Jung-Hwan (Hanyang University)
Hwang, In-Tae (Hanyang University)
Abstract
Advances in encryption technology have strengthened secret communication and information security. The cryptovirus emerged as an exploitation of that same encryption technology. In addition, anyone can build and deploy malicious code using Windows CAPI. Cryptoviruses and malicious code built on Windows CAPI use the normal Windows API, so antivirus software and security systems have difficulty detecting and analyzing them. This paper examines cryptoviruses and malicious code that use Windows CAPI and implements a hooking tool against them.
Keywords
API Hooking; Crypto API; Cryptovirus;