Memory snapshot dataset of a compromised host with malware using obfuscation evasion techniques
Ibrahim Sadek,
Penny Chong,
Shafiq Ul Rehman,
Yuval Elovici,
Alexander Binder
Affiliations
Ibrahim Sadek
Corresponding author. ST Engineering Electronics-SUTD Cyber Security Laboratory, Singapore University of Technology and Design (SUTD), 8 Somapah Road, 487372, Singapore
Penny Chong
ST Engineering Electronics-SUTD Cyber Security Laboratory, Singapore University of Technology and Design (SUTD), 8 Somapah Road, 487372, Singapore
Shafiq Ul Rehman
Corresponding author. ST Engineering Electronics-SUTD Cyber Security Laboratory, Singapore University of Technology and Design (SUTD), 8 Somapah Road, 487372, Singapore
Yuval Elovici
ST Engineering Electronics-SUTD Cyber Security Laboratory, Singapore University of Technology and Design (SUTD), 8 Somapah Road, 487372, Singapore
Alexander Binder
ST Engineering Electronics-SUTD Cyber Security Laboratory, Singapore University of Technology and Design (SUTD), 8 Somapah Road, 487372, Singapore
This article presents a dataset for studying the detection of obfuscated malware in volatile computer memory. Several obfuscated reverse remote shells were generated using the Metasploit-Framework, Hyperion, and PEScrambler tools. After the host was compromised, memory snapshots of a Windows 10 virtual machine were acquired using the open-source Rekall WinPmem acquisition tool. The dataset is complemented by memory snapshots of uncompromised virtual machines. The data includes a reference list of all running processes as well as a mapping of the designated malware running inside the memory. The datasets are made available with the article to advance research toward the detection of obfuscated malware in volatile computer memory during forensic analysis.

Keywords: Memory snapshots, Forensic analysis, System security, Malware detection, Obfuscated malware