TTAnalyze

TTAnalyze: A tool for analyzing malware

About TTAnalyze

TTAnalyze is a tool for analyzing the behavior of Windows PE-executables with special focus on the analysis of malware. Execution of TTAnalyze results in the generation of a report file that contains enough information to give a human user a very good impression about the purpose and the actions of the analyzed binary. The generated report includes detailed data about modifications made to the Windows registry or the file system, about interactions with the Windows Service Manager or other processes and of course it logs all generated network traffic. The analysis is based on running the binary in an emulated environment and watching i.e. analyzing its execution. The analysis focuses on the security-relevant aspects of a program's actions, which makes the analysis process easier and because the domain is more fine-grained it allows for more precise results. It is the ideal tool for the malware and virus interested person to get a quick understanding of the purpose of an unknown binary.

Status

Stopped. Development is continuing in its successor project Anubis: Analyzing Unknown Binaries.

Documentation / Publications

This Master's Thesis describes TTAnalyze's design and implementation.

Software

The software is not going to be released.

Authors

TTAnalyze was developed by Ulrich Bayer. Juergen Wohlmuth has helped implement parts of the analysis-framework. Helmut Petritsch was responsible for TTAnalyze's build-system and several other improvements.


Last Modified: Sat Mar 10 10:51:39 CET 2007


Distributed Systems Group / Automation Systems Group / Technical University of Vienna www.tuwien.ac.at