With the continued growth of malicious applications and cyber threats in general, program analysis has become a ubiquitous technique for extracting relevant features. Current state-of-the-art solutions seem to lag behind new techniques. For instance, dynamic binary instrumentation (DBI) provides some promising results, but falls short when it comes to ease of use and resistance to analysis evasion. In this regard, we propose a two-fold contribution. First, we introduce COBAI (Complex Orchestrator for Binary Analysis and Instrumentation), a DBI framework designed for malware analysis that prioritizes ease of use and analysis transparency without imposing significant overhead. Second, we introduce an aggregated test suite intended to serve as a benchmark for determining the quality of an analysis solution with respect to its protection against evasion mechanisms. The efficiency of our solution is validated by a careful evaluation that takes into consideration other DBI frameworks, analysis environments, and the proposed benchmark.