EFI-ransomware

This is the code for paper: Deep Learning Assisted Reverse Engineering: Recognizing Encryption Loops in Ransomware (IEEE TrustCom 2025)

1. System requirement

First, we conduct the experiment on a 32-bit linux system. You can use Vagrant to conduct your virtual machine, and we have a Vagrantfile for you.

First, start virtual machine

vagrant up

second, log in your virtual machine

vagrant ssh

you also have to download a intel pin (3.10) and intel xed via install_xed.sh.

2. Trace & graph generation

We have compiled the trace.so for tracing ransomware and grpahbuilder for DDG generation. For example:

./pin/pin -t trace.so -o 3des_ecb.tr -- 3des_ecb
./graph_builder 3des_ecb.tr 3des_ecb.graph

3. Ransomware reports

We have collect some reports while we are tracing the ransomware to give examples in ransom-example and provide a doc to describe our results. We cannot share the raw ransomware samples because of the safety considerations.

4. Dataset

We provide the training dataset in directory sample. And it has the description of the dataset.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

EFI-ransomware

1. System requirement

2. Trace & graph generation

3. Ransomware reports

4. Dataset

About

Uh oh!

Releases

Packages

Uh oh!

Contributors 2

Uh oh!

Languages

Name		Name	Last commit message	Last commit date
Latest commit History 12 Commits
pin		pin
ransom-example		ransom-example
sample		sample
README.md		README.md
Vagrantfile		Vagrantfile
graph_builder		graph_builder
install_xed.sh		install_xed.sh
trace.so		trace.so

PSUCyberSecurityLab/EFI-ransomware

Folders and files

Latest commit

History

Repository files navigation

EFI-ransomware

1. System requirement

2. Trace & graph generation

3. Ransomware reports

4. Dataset

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors 2

Uh oh!

Languages

Packages