DOCSLIB.ORG

Architecture for Analyzing Potentially Unwanted Applications

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Architecture for Analyzing Potentially Unwanted Applications Architecture for analyzing Potentially Unwanted Applications Alberto Geniola School of Science Thesis submitted for examination for the degree of Master of Science in Technology. Espoo 10.10.2016 Thesis supervisor: Prof. Tuomas Aura Thesis advisor: M.Sc. Markku Antikainen aalto university abstract of the school of science master’s thesis Author: Alberto Geniola Title: Architecture for analyzing Potentially Unwanted Applications Date: 10.10.2016 Language: English Number of pages: 8+149 Department of Computer Science Professorship: Information security Supervisor: Prof. Tuomas Aura Advisor: M.Sc. Markku Antikainen The spread of potentially unwanted programs (PUP) and its supporting pay par install (PPI) business model have become relevant issues in the IT security area. While PUPs may not be explicitly malicious, they still represent a security hazard. Boosted by PPI companies, PUP software evolves rapidly. Although manual analysis represents the best approach for distinguishing cleanware from PUPs, it is inapplicable to the large amount of PUP installers appearing each day. To challenge this fast evolving phenomenon, automatic analysis tools are required. However, current automated malware analisyis techniques suffer from a number of limitations, such as the inability to click through PUP installation processes. Moreover, many malware analysis automated sandboxes (MSASs) can be detected, by taking advantage of artifacts affecting their virtualization engine. In order to overcome those limitations, we present an architectural design for imple- menting a MSAS mainly targeting PUP analysis. We also provide a cross-platform implementation of the MSAS, capable of running PUP analysis in both virtual and bare metal environments. The developed prototype has proved to be working and was able to automatically analyze more that 480 freeware installers, collected by the three top most ranked freeware websites, such as cnet.com, filehippo.com and softonic.com. Eventually, we briefly analyze collected data and propose a first strategy for detecting PUPs by inspecting intercepted HTTP traffic. Keywords: PUP, PPI, MSAS, PUA, Potentially Unwanted Application, Potentially Unwanted Programs iv Preface This thesis work constitutes the final step of my master education in Computer Engineering. It has been written during my exchange year, spent at the Aalto University, in Helsinki. I wish to thank professor Tuomas Aura, who gave me the opportunity of working in the research area of the information security deparment. I had the opportunity to expand my education background, by working with IT security research experts, immerse in an intellectually challenging environment. Special thanks go to Markku Antikainen, whose valuable advices guided me while writing the thesis. I must also offer a very special word of thanks to all my researchers colleagues of the security department, especially to Blomqvist Tuomas, who demonstrated genuine interest about my work. Great thanks go to professor Fulvio Risso, for his constant (and valuable) availability and support. I would like to thank my two flatmates, Luigi and Raul, whose sympathy and cheerfulness have been a relief during hard times. Furthermore, I would like to thank all my closest friends Marina, Marta, Valentina, Valeria D. for their constant emotional support. Thanks to my girlfriend Elena, who always believed in me and supported my ideas. Special rewards go to Valeria Z., who inspired me with her IT-difficulties. I must spend special word of thanks for Francesco and Riccardo, two of my closest friends who shared hard times during these two years of master studies. Lastly, I would like to thank all family that has always stood by my side. Great thanks to Maria, whose generosity helped me in finishing my studies. Turin, Sep 26, 2016 Alberto Geniola This work was supported by TEKES as part of the Cyber Trust program of DIGILE (the Finnish Strategic Center for Science, Technology and Innovation in the field of ICT and digital business). Contents Abstract........................................ iii Preface......................................... iv Contents.........................................v Symbols and abbreviations.............................. viii 1 Introduction1 1.1 Motivation....................................1 1.2 Research goals..................................2 1.3 Structure.....................................3 2 Background5 2.1 Potentially Unwanted Programs.........................5 2.1.1 Definition.................................5 2.1.2 Potentially-unwanted ambiguity.....................6 2.1.3 PUP Classification............................7 2.1.4 Severity..................................8 2.1.5 Profitability................................9 2.1.6 The EULA trap............................. 10 2.1.7 User informed-consent to dicriminate PUP.............. 10 2.1.8 Habituation and blind approach.................... 10 2.2 Problem: PUP on Windows........................... 11 2.2.1 Windows installers............................ 11 2.2.2 Where do PUPs fit the most...................... 13 2.3 PUP detection state of the art......................... 14 2.3.1 How antivirus detect PUPs....................... 14 2.3.2 Suspicious behaviors........................... 15 2.4 Malware analysis techniques to the rescue................... 15 2.4.1 Static Analysis.............................. 16 2.4.2 Dynamic analysis............................. 21 2.5 Malware Sandbox Analysis Systems...................... 26 2.5.1 Limitations................................ 27 2.6 Automated GUI interaction........................... 27 2.6.1 Windows UI Architecture........................ 28 2.6.2 Low level UI interactions........................ 28 2.6.3 Basic Win32 UI messages........................ 29 2.6.4 Windows UI libraries........................... 30 2.6.5 Inspection tools for windows: Spy++ and Snoop........... 31 2.6.6 Inspection tools limitations....................... 32 v vi 2.6.7 Image recognition frameworks...................... 32 2.6.8 Optical character recognition techniques................ 33 2.6.9 UI automation frameworks....................... 33 2.6.10 Installers vs Applications, considerations................ 34 3 Related Work 39 3.1 Automated Malware analysis.......................... 39 3.1.1 Anti-spyware solutions.......................... 39 3.1.2 Sandbox Analysis............................. 40 3.2 Automated UI Interaction............................ 41 4 Problem Statement 43 4.1 Automating software installation........................ 44 4.2 Data collection and correlation......................... 44 4.3 Scalability and performances.......................... 44 4.4 Avoiding MSASs detection............................ 45 5 Design of a Windows PUP analysis infrastructure 47 5.1 Design goals.................................... 47 5.2 Architecture.................................... 48 5.2.1 Overview................................. 49 5.2.2 Crawlers.................................. 50 5.2.3 Central DB................................ 51 5.2.4 Host Controller.............................. 53 5.2.5 Sandbox Machine............................. 55 5.2.6 Networking Design............................ 58 5.2.7 Bare metal and virtual environments support............. 63 5.3 UI Interaction................................... 67 5.3.1 UI interaction engine basic architecture................ 67 5.3.2 Automated UI interaction challenges.................. 68 5.3.3 UI elements detection.......................... 71 5.3.4 UI element selection........................... 73 5.3.5 Interacting with UI elements...................... 76 6 Implementation details 79 6.1 Central database................................. 79 6.1.1 DB Schema................................ 80 6.1.2 Multiple Host Controller synchronization............... 80 6.2 Resource monitoring implementation...................... 81 6.2.1 Shared resource access in Windows NT................ 82 6.2.2 API Hooking: Overview......................... 84 6.2.3 Dll Injection & Injector......................... 87 6.2.4 Clooser look at HookingDLL...................... 89 6.2.5 Process hierarchy, dll injection and API hooking........... 94 6.2.6 Hooking Windows services........................ 97 6.3 Sniffer....................................... 101 6.3.1 Networking services........................... 101 6.3.2 Host controller interaction........................ 104 6.3.3 Capture file synthesis.......................... 105 vii 7 Test and evaluation of results 109 7.1 Test configuration................................ 109 7.1.1 Job selection............................... 109 7.1.2 Infrastructure configuration....................... 111 7.2 Evaluation of results............................... 115 7.2.1 Install automation results........................ 116 7.2.2 Looking for PUP installers....................... 119 8 Conclusions and future work 133 8.1 Contributions................................... 133 8.2 Limitations.................................... 134 8.3 Future work.................................... 135 A Database schema 137 B Hooked APIs 139 References........................................ 141 viii Symbols and abbreviations Abbreviations API Application Programming Interface CTPH Context Triggered Piecewise Hashing DNS Domain Name Service EULA End User License Agreement FS File System GUI Graphical User Interface HTTP Hyper Text Transfer Protocol HTTPS Hyper Text Transfer Protocol over Secure Socket Layer IO Input Output IT Information Technology JSON
Load more

Recommended publications
  • NOTICE by Hotfile Corp., Anton Titov Defendants' Notice of Filing The
    Disney Enterprises, Inc. et al v. Hotfile Corp. et al Doc. 391 Att. 1 EXHIBIT A Dockets.Justia.com PUBLIC VERSION UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF FLORIDA CASE NO.: 11-CIV-20427-WILLIAMS/TURNOFF DISNEY ENTERPRISES, INC., TWENTIETH CENTURY FOX FILM CORPORATION, UNIVERSAL CITY STUDIOS PRODUCTIONS LLLP, COLUMBIA PICTURES INDUSTRIES, INC., and WARNER BROS. ENTERTAINMENT INC., Plaintiffs, v. HOTFILE CORP., ANTON TITOV, and DOES 1-10. Defendants. / HOTFILE CORP., Counterclaimant, v. WARNER BROS. ENTERTAINMENT INC., Counter-Defendant. / [REDACTED] DECLARATION OF PROFESSOR JAMES BOYLE IN SUPPORT OF DEFENDANTS’ OPPOSITION TO PLAINTIFFS’ MOTION FOR SUMMARY JUDGMENT AND EXHIBITS THERETO FILED UNDER SEAL CASE NO.: 11-CIV-20427-WILLIAMS/TURNOFF I, JAMES BOYLE, declare as follows: 1. I am currently the William Neal Reynolds Professor of Law at Duke University, and have been retained by Farella, Braun + Martel LLP on behalf of the Defendants in this action as an expert witness. 2. I received an LL.B. (Hons) from Glasgow University (1980), and an LL.M. (1981) and S.J.D. (1986) from Harvard Law School. I have been a law professor since 1982, teaching at American University, and at the Universities of Pennsylvania, Harvard and Yale as a Visiting Professor. In 2000 I joined the law faculty at Duke. 3. My academic research is mainly in the areas of intellectual property and communication policy, with a focus on the Internet. I have written and edited numerous articles and books on these subjects. In general, my research and scholarship has focused on: i) Copyright law, particularly in the digital arena. I have published extensively on copyright in law journals, monographs, and edited collections of essays; a full list is available in the attached curriculum vitae.
    [Show full text]
  • End User License Agreement
    MICROSOFT SOFTWARE LICENSE TERMS WINDOWS EMBEDDED STANDARD 7 These license terms are an agreement between you and YSI incorporated. Please read them. They apply to the software included on this device. The software also includes any separate media on which you received the software. The software on this device includes software licensed from Microsoft Corporation or its affiliate. The terms also apply to any Microsoft • updates, • supplements, • Internet-based services, and • support services for this software, unless other terms accompany those items. If so, those terms apply. If you obtain updates or supplements directly from Microsoft, then Microsoft, and not YSI incorporated, licenses those to you. As described below, using the software also operates as your consent to the transmission of certain computer information for Internet-based services. By using the software, you accept these terms. If you do not accept them, do not use the software. Instead, contact YSI incorporated to determine its return policy for a refund or credit. If you comply with these license terms, you have the rights below. 1. USE RIGHTS Use. The software license is permanently assigned to the device with which you acquired the software. You may use the software on the device. 2. ADDITIONAL LICENSING REQUIREMENTS AND/OR USE RIGHTS a. Specific Use. YSI incorporated designed the device for a specific use. You may only use the software for that use. b. Other Software. You may use other programs with the software as long as the other programs directly supports the manufacturer’s specific use for the device, or provide system utilities, resource management, or anti-virus or similar protection.
    [Show full text]
  • Product Line Strategy Software License Management Global, 2011
    BEST PRACTICES RESEARCH Product Line Strategy Software License Management Global, 2011 Frost & Sullivan’s Global Research Platform Frost & Sullivan is in its 50th year in business with a global research organization of 1,800 analysts and consultants who monitor more than 300 industries and 250,000 companies. The company’s research philosophy originates with the CEO’s 360 Degree Perspective™, which serves as the foundation of its TEAM Research™ methodology. This unique approach enables us to determine how best-in-class companies worldwide manage growth, innovation and leadership. Based on the findings of this Best Practices research, Frost & Sullivan is proud to present the 2011 Global Product Line Strategy Award in Software License Management to SafeNet. Significance of the Product Line Strategy Award Key Industry Challenges Addressed by Product Line Strategy License management solutions solve the problem of monetizing application software, which is challenging because this is a technically diverse yet usability-sensitive market. Software Rights Management (SRM) vendors need to continuously evolve to support all relevant and emerging platforms, business models, delivery models, upgrade and connectivity scenarios, and more. The landscape for license management is changing. © 2011 Frost & Sullivan 1 “We Accelerate Growth” BEST PRACTICES RESEARCH Where desktop applications inside local area networks once dominated, virtualization is commonplace today, cloud is on the horizon and a majority of the workforce uses handheld devices for enterprise productivity tasks. Boundaries between cloud and embedded software or embedded devices and desktop software are blurring. Software LM was originally developed for anti-piracy and monetization of desktop software applications. Today the largest potential segment for software LM is embedded software and intelligent devices, for the dual purposes of controlling SKUs and editions, and enforcing hybrid licensing models.
    [Show full text]
  • Advance Dynamic Malware Analysis Using Api Hooking
    www.ijecs.in International Journal Of Engineering And Computer Science ISSN:2319-7242 Volume – 5 Issue -03 March, 2016 Page No. 16038-16040 Advance Dynamic Malware Analysis Using Api Hooking Ajay Kumar , Shubham Goyal Department of computer science Shivaji College, University of Delhi, Delhi, India [email protected] [email protected] Abstract— As in real world, in virtual world also there are type of Analysis is ineffective against many sophisticated people who want to take advantage of you by exploiting you software. Advanced static analysis consists of reverse- whether it would be your money, your status or your personal engineering the malware’s internals by loading the executable information etc. MALWARE helps these people into a disassembler and looking at the program instructions in accomplishing their goals. The security of modern computer order to discover what the program does. Advanced static systems depends on the ability by the users to keep software, analysis tells you exactly what the program does. OS and antivirus products up-to-date. To protect legitimate users from these threats, I made a tool B. Dynamic Malware Analysis (ADVANCE DYNAMIC MALWARE ANAYSIS USING API This is done by watching and monitoring the behavior of the HOOKING) that will inform you about every task that malware while running on the host. Virtual machines and software (malware) is doing over your machine at run-time Sandboxes are extensively used for this type of analysis. The Index Terms— API Hooking, Hooking, DLL injection, Detour malware is debugged while running using a debugger to watch the behavior of the malware step by step while its instructions are being processed by the processor and their live effects on I.
    [Show full text]
  • Software Licensing in the Cloud Age Solving the Impact of Cloud Computing on Software Licensing Models
    The International Journal of Soft Computing and Software Engineering [JSCSE], Vol. 3, No. 3, Special Issue: The Proceeding of International Conference on Soft Computing and Software Engineering 2013 [SCSE’13], San Francisco State University, CA, U.S.A., March 2013 Doi: 10.7321/jscse.v3.n3.60 e-ISSN: 2251-7545 Software Licensing in the Cloud Age Solving the Impact of Cloud Computing on Software Licensing Models Malcolm McRoberts Enterprise Architecture Core Technology Center Harris Corporation GCSD Melbourne, Florida, USA [email protected] Abstract—Cloud computing represents a major shift in identify key issues that require the attention of the industry information systems architecture, combining both new as a whole. deployment models and new business models. Rapid provisioning, elastic scaling, and metered usage are essential A. Characteristics of Cloud Computing (Benefits) characteristics of cloud services, and they require cloud According to the National Institute of Standards and resources with these same characteristics. When cloud services Technology (NIST) [1], cloud computing is a model for depend on commercial software, the licenses for that software enabling ubiquitous, convenient, on-demand network access become another resource to be managed by the cloud. This to a shared pool of configurable computing resources (e.g., paper examines common licensing models, including open networks, servers, storage, applications, and services) that source, and how well they function in a cloud services model. It can be rapidly provisioned and released with minimal discusses creative, new, cloud-centric licensing models and how management effort or service provider interaction. they allow providers to preserve and expand their revenue This translates to a number of benefits for large and small streams as their partners and customers transition to the organizations alike, as well as for individuals.
    [Show full text]
  • An Introduction to Malware
    Downloaded from orbit.dtu.dk on: Sep 24, 2021 An Introduction to Malware Sharp, Robin Publication date: 2017 Document Version Publisher's PDF, also known as Version of record Link back to DTU Orbit Citation (APA): Sharp, R. (2017). An Introduction to Malware. General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. Users may download and print one copy of any publication from the public portal for the purpose of private study or research. You may not further distribute the material or use it for any profit-making activity or commercial gain You may freely distribute the URL identifying the publication in the public portal If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim. An Introduction to Malware Robin Sharp DTU Compute Spring 2017 Abstract These notes, written for use in DTU course 02233 on Network Security, give a short introduction to the topic of malware. The most important types of malware are described, together with their basic principles of operation and dissemination, and defenses against malware are discussed. Contents 1 Some Definitions............................2 2 Classification of Malware........................2 3 Vira..................................3 4 Worms................................
    [Show full text]
  • How to Know What Drivers to Download
    how to know what drivers to download How do I find the hard drive type and specifications? If you'd like to view detailed information about your hard disk drives, solid-state drives, or external storage devices attached to your computer, we recommend the methods below. System Information in Windows 10. In Windows 10, you can view information about your hardware (including disks) using the System Information utility . To open the System Information utility in Windows 10: Press the Windows key, type System Information , and press Enter . Or, you can use the Run box to open the System Information utility. Press the Windows key + R keyboard shortcut. In the Run box, type msinfo32 . Press Enter or click OK . In the System Information window that opens, in the left window pane, you'll see a list of hardware categories. Expand Components , then Storage . Then, choose Drives , Disks , or any category you'd like to view. Earlier versions of Microsoft Windows. In earlier versions of Microsoft Windows, you can open the System Information utility by following the steps below. Click Start and then click the Programs folder. Click Accessories and then the System Information or System Tools folder. Open the System Information file. In the System Information window, click the + symbol next to Components . Click the + next to Storage and click Drives . In the right-side of the window, you see information about the hard drive including its capacity and serial number. IBM-compatible users. IBM-compatible users can usually enter the computer's BIOS setup to view additional information about their hard drive.
    [Show full text]
  • Software Licensing Flexibility Is
    Software licensing flexibility is key - SD Times file:///Users/mq/Desktop/Software licensing flexibility is key ... sdtimes.com Software licensing flexibility is key - SD Times Lisa Morgan Today’s businesses run on software, but the ways they want to license it are changing. To keep pace with end users’ expectations and to stay competitive, software companies are embracing more types of licensing models, including perpetual, subscription, pay-per-use, hybrid and others. On-premise licenses are being supplemented with or replaced by SaaS alternatives, and more developers are selling apps via app stores. Meanwhile, intelligent device manufacturers are putting more 1 von 3 08.10.15 14:28 Software licensing flexibility is key - SD Times file:///Users/mq/Desktop/Software licensing flexibility is key ... emphasis on software because it helps them differentiate their products and take advantage of new revenue opportunities. As technology evolves and as user expectations continue to change, software developers and intelligent device manufacturers need reliable and flexible means of protecting, monetizing and monitoring the use of their intellectual property. (Related: The big business of software licensing) “We’re noticing a steady shift away from the traditional models. What’s still top of mind is how you get from a perpetual license to a subscription-type model,” said Jon Gillespie-Brown, CEO of Nalpeiron. “Quite a few people say they like what Adobe did with Creative Suite, [not realizing] what it took to do that, but in general people want to know how they can transform their businesses.” Intelligent device manufacturers are changing their business models too.
    [Show full text]
  • A Malware Analysis and Artifact Capture Tool Dallas Wright Dakota State University
    Dakota State University Beadle Scholar Masters Theses & Doctoral Dissertations Spring 3-2019 A Malware Analysis and Artifact Capture Tool Dallas Wright Dakota State University Follow this and additional works at: https://scholar.dsu.edu/theses Part of the Information Security Commons, and the Systems Architecture Commons Recommended Citation Wright, Dallas, "A Malware Analysis and Artifact Capture Tool" (2019). Masters Theses & Doctoral Dissertations. 327. https://scholar.dsu.edu/theses/327 This Dissertation is brought to you for free and open access by Beadle Scholar. It has been accepted for inclusion in Masters Theses & Doctoral Dissertations by an authorized administrator of Beadle Scholar. For more information, please contact [email protected]. A MALWARE ANALYSIS AND ARTIFACT CAPTURE TOOL A dissertation submitted to Dakota State University in partial fulfillment of the requirements for the degree of Doctor of Philosophy in Cyber Operations March 2019 By Dallas Wright Dissertation Committee: Dr. Wayne Pauli Dr. Josh Stroschein Dr. Jun Liu ii iii Abstract Malware authors attempt to obfuscate and hide their execution objectives in their program’s static and dynamic states. This paper provides a novel approach to aid analysis by introducing a malware analysis tool which is quick to set up and use with respect to other existing tools. The tool allows for the intercepting and capturing of malware artifacts while providing dynamic control of process flow. Capturing malware artifacts allows an analyst to more quickly and comprehensively understand malware behavior and obfuscation techniques and doing so interactively allows multiple code paths to be explored. The faster that malware can be analyzed the quicker the systems and data compromised by it can be determined and its infection stopped.
    [Show full text]
  • Download Date 24/09/2021 14:31:55
    To Upgrade or Not To Upgrade Application Item Type Thesis Authors Francisco, Neil Download date 24/09/2021 14:31:55 Link to Item http://hdl.handle.net/20.500.12648/1799 To Upgrade or Not To Upgrade Application __________________________ A Master's Thesis Project Presented to the Department of Communication and Information Design __________________________ In Partial Fulfillment of the Requirements for the Master of Science Degree State University of New York Polytechnic Institute By Neil Francisco May 2021 TO UPGRADE OR NOT TO UPGRADE SUNY POLYTECHNIC INSTITUTE DEPARTMENT OF INFORMATION DESIGN AND TECHNOLOGY CERTIFICATE OF APPROVAL Approved and recommended for acceptance as a thesis in partial fulfillment of the requirements for the degree of Master of Science in Information Design and Technology. ____________________June 11, 2021 DATE ________________________________ Dr. Kathryn Stam Thesis Advisor ____________________ DATE ________________________________ Dr. Ryan Lizardi Second Reader 2 TO UPGRADE OR NOT TO UPGRADE ABSTRACT New Technology consists of new hardware devices, computational workflows, digital advances, and information systems. As technology continues to evolve over the years, this never-ending cycle of new devices and experiences will always be present amongst consumers. Traditionally, new hardware devices are intriguing because they are designed to improve our access to information, media, and a connection to the digital world, but does this mean our previous-gen devices are no longer valuable? This project involves creating a prototype application designed for both computer and mobile interfaces to help improve the accessibility to information and the overall user experience with an older device. The “To Upgrade or Not To Upgrade” app will inform end-users of their older technological device specifications and suggest hardware/software methods to unlock their full potential.
    [Show full text]
  • Xpeng Inc. (Exact Name of Registrant As Specified in Its Charter)
    Table of Contents UNITED STATES SECURITIES AND EXCHANGE COMMISSION WASHINGTON, D.C. 20549 FORM 20-F (Mark One) ☐ REGISTRATION STATEMENT PURSUANT TO SECTION 12(b) OR 12(g) OF THE SECURITIES EXCHANGE ACT OF 1934 OR ☒ ANNUAL REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 For the fiscal year ended December 31, 2020 OR ☐ TRANSITION REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 OR ☐ SHELL COMPANY REPORT PURSUANT TO SECTION 13 OR 15(d) OF THE SECURITIES EXCHANGE ACT OF 1934 Date of event requiring this shell company report For the transition period from to Commission file number 001-39466 XPeng Inc. (Exact name of Registrant as specified in its charter) Cayman Islands (Jurisdiction of incorporation or organization) No. 8 Songgang Road, Changxing Street Cencun, Tianhe District, Guangzhou Guangdong 510640 People’s Republic of China (Address of principal executive offices) Hongdi Brian Gu, Vice Chairman and President Telephone: +86-20-6680-6680 Email: [email protected] At the address of the Company set forth above (Name, Telephone, E-mail and/or Facsimile number and Address of Company Contact Person) Securities registered or to be registered pursuant to Section 12(b) of the Act: Title of each class Trading Symbol(s) Name of each exchange on which registered American Depositary Shares, each representing XPEV New York Stock Exchange two Class A ordinary shares Class A ordinary shares, par value US$0.00001 New York Stock Exchange per share* * Not for trading, but only in connection with the listing on the New York Stock Exchange of American depositary shares.
    [Show full text]
  • Practical Malware Analysis
    PRAISE FOR PRACTICAL MALWARE ANALYSIS Digital Forensics Book of the Year, FORENSIC 4CAST AWARDS 2013 “A hands-on introduction to malware analysis. I’d recommend it to anyone who wants to dissect Windows malware.” —Ilfak Guilfanov, CREATOR OF IDA PRO “The book every malware analyst should keep handy.” —Richard Bejtlich, CSO OF MANDIANT & FOUNDER OF TAOSECURITY “This book does exactly what it promises on the cover; it’s crammed with detail and has an intensely practical approach, but it’s well organised enough that you can keep it around as handy reference.” —Mary Branscombe, ZDNET “If you’re starting out in malware analysis, or if you are are coming to analysis from another discipline, I’d recommend having a nose.” —Paul Baccas, NAKED SECURITY FROM SOPHOS “An excellent crash course in malware analysis.” —Dino Dai Zovi, INDEPENDENT SECURITY CONSULTANT “The most comprehensive guide to analysis of malware, offering detailed coverage of all the essential skills required to understand the specific challenges presented by modern malware.” —Chris Eagle, SENIOR LECTURER OF COMPUTER SCIENCE AT THE NAVAL POSTGRADUATE SCHOOL “A great introduction to malware analysis. All chapters contain detailed technical explanations and hands-on lab exercises to get you immediate exposure to real malware.” —Sebastian Porst, GOOGLE SOFTWARE ENGINEER “Brings reverse-engineering to readers of all skill levels. Technically rich and accessible, the labs will lead you to a deeper understanding of the art and science of reverse-engineering. I strongly believe this will become the defacto text for learning malware analysis in the future.” —Danny Quist, PHD, FOUNDER OF OFFENSIVE COMPUTING “An awesome book .
    [Show full text]