Funding: supported by the National Natural Science Foundation of China (Nos. U1131121, 11303021, U1231202, 11473037 and 11373073)
Abstract: Photometric observations of AH Cnc, a W UMa-type system in the open cluster M67, were carried out by using the 50BIN telescope. About 100 h of time-series B- and V-band data were taken, based on which eight new times of light minima were determined. By applying the Wilson-Devinney method, the light curves were modeled and a revised photometric solution of the binary system was derived. We confirmed that AH Cnc is a deep contact ($f = 51\%$), low mass-ratio ($q = 0.156$) system. Adopting the distance modulus derived from study of the host cluster, we have re-calculated the physical parameters of the binary system, namely the masses and radii. The masses and radii of the two components were estimated to be respectively $1.188(\pm 0.061)\,M_\odot$, $1.332(\pm 0.063)\,R_\odot$ for the primary component and $0.185(\pm 0.032)\,M_\odot$, $0.592(\pm 0.051)\,R_\odot$ for the secondary. By adding the newly derived minimum timings to all the available data, the period variations of AH Cnc were studied. This shows that the orbital period of the binary is continuously increasing at a rate of $dp/dt = 4.29 \times 10^{-10}$ d yr$^{-1}$. In addition to the long-term period increase, a cyclic variation with a period of 35.26 yr was determined, which could be attributed to an unresolved tertiary component of the system.
Funding: supported in part by the National Natural Science Foundation of China (Grant No. 62272181)
Abstract: Static analysis is often impeded by malware obfuscation techniques, such as encryption and packing, whereas dynamic analysis tends to be more resistant to obfuscation by leveraging concrete execution information. Unfortunately, malware can employ evasive techniques to detect the analysis environment and alter its behavior accordingly. While known evasive techniques can be explicitly dismantled, the challenge lies in generically dismantling evasions without full knowledge of their conditions or implementations, such as logic bombs that rely on uncertain conditions, let alone unsupported evasive techniques, which contain evasions without corresponding dismantling strategies and those leveraging unknown implementations. In this paper, we present Antitoxin, a prototype for automatically exploring evasive malware. Antitoxin utilizes multi-path exploration guided by taint analysis and probability calculations to effectively dismantle evasive techniques. The probabilities of branch execution are derived from dynamic coverage, while taint analysis helps identify paths associated with evasive techniques that rely on uncertain conditions. Subsequently, Antitoxin prioritizes branches with lower execution probabilities and those influenced by taint analysis for multi-path exploration. This is achieved through forced execution, which forcefully sets the outcomes of branches on selected paths. Additionally, Antitoxin employs active anti-evasion countermeasures to dismantle known evasive techniques, thereby reducing exploration overhead. Furthermore, Antitoxin provides valuable insights into sensitive behaviors, facilitating deeper manual analysis. Our experiments on a set of highly evasive samples demonstrate that Antitoxin can effectively dismantle evasive techniques in a generic manner. The probability calculations guide the multi-path exploration of evasions without requiring prior knowledge of their conditions or implementations, enabling the dismantling of unsupported techniques such as C2 and significantly improving efficiency compared to linear exploration when dealing with complex control flows. Additionally, taint analysis can accurately identify branches related to logic bombs, facilitating preferential exploration.