Netinfo Security ›› 2017, Vol. 17 ›› Issue (9): 26-29.doi: 10.3969/j.issn.1671-1122.2017.09.006

• Original Article •

Generation Algorithm Crack Based on DGA Domain Name of Malicious Program

Guotian XU

  1. National Police University of China, Shenyang, Liaoning 110854, China
  • Received: 2017-08-01 Online: 2017-09-20 Published: 2020-05-12

Abstract:

This paper presents a method for cracking DGA algorithms based on network packet capture. First, the DNS resolution requests sent by the zombie program are captured. By analyzing the structural features of the malicious domain names, forensic staff can form a preliminary understanding of the DGA algorithm; a static analysis tool is then used to search the malicious program for the top-level domain name string and so locate the assembly code of the DGA core algorithm. That assembly code is converted into a high-level language program, and running the program calculates all domain names the malicious program can use in the future. Testing shows that this method can quickly and accurately locate the DGA core code in the malicious program and improve the efficiency of forensic analysis.

Key words: malicious program, domain generation algorithm, crack
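The first two steps of the method (capturing the DNS resolution requests and profiling the structure of the queried names to form a preliminary picture of the generator) as an added Python example that is not part of the paper; the log format, the sample names and the heuristic thresholds are constructed assumptions:

```python
import math
import re
from collections import Counter

# Constructed sample DNS request log (not from the paper): timestamp, source,
# record type, queried name. Four of the queries share a DGA-like structure.
SAMPLE_DNS_LOG = """\
2017-08-01T10:00:01 10.0.0.5 A www.example.com
2017-08-01T10:00:02 10.0.0.5 A mail.example.org
2017-08-01T10:00:03 10.0.0.5 A kqxwpzhgtfyrbvlm.net
2017-08-01T10:00:03 10.0.0.5 A jdhsbvtqoxzcwmpl.net
2017-08-01T10:00:04 10.0.0.5 A wnzlqrtkxvbpsgmd.net
2017-08-01T10:00:04 10.0.0.5 A cdn.example.com
2017-08-01T10:00:05 10.0.0.5 A yxbgmfwtrzpvslqk.net
"""

LINE_RE = re.compile(r"^\S+\s+\S+\s+(?:A|AAAA)\s+(\S+)$")

def parse_queries(log_text):
    """Return the queried names from the constructed log format above."""
    names = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            names.append(m.group(1).lower().rstrip("."))
    return names

def shannon_entropy(s):
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def domain_features(name):
    """Structural features of the registrable label (the part before the TLD)."""
    parts = name.split(".")
    label, tld = parts[-2], parts[-1]
    vowels = sum(ch in "aeiou" for ch in label)
    return {
        "label": label, "tld": tld, "length": len(label),
        "entropy": round(shannon_entropy(label), 3),
        "vowel_ratio": round(vowels / len(label), 3),
        "digits": sum(ch.isdigit() for ch in label),
    }

def looks_generated(f, min_len=12, min_entropy=3.5, max_vowel_ratio=0.25):
    """Heuristic (assumed thresholds): long, high-entropy, vowel-poor labels."""
    return (f["length"] >= min_len and f["entropy"] >= min_entropy
            and f["vowel_ratio"] <= max_vowel_ratio)

def dga_profile(log_text):
    """Group candidates by (TLD, label length): the fixed parts a generator
    reuses, and the TLD string is what the static-analysis search step needs."""
    feats = [domain_features(n) for n in parse_queries(log_text)]
    feats = [f for f in feats if looks_generated(f)]
    profile = Counter((f["tld"], f["length"]) for f in feats)
    return [f["label"] + "." + f["tld"] for f in feats], dict(profile)
```

The returned profile (here: all candidates use ".net" with 16-character labels) is the preliminary understanding the forensic analyst carries into the static-analysis step.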
