A major part of the new CounterSpy 2.0 is the inclusion of a number of antivirus technologies to combat the increasingly complex forms of malware out there. For example, since over 90% of all malware is packed using UPX or similar packers (a signature written against the packed bytes stops matching as soon as the author repacks the same code), we built our own generic unpacker.
One thing we needed to do was build our own x86 emulator, which will run inside a future version of the CounterSpy Anti-malware Engine. As part of that, we built our own emulator/debugger for analyzing malware and automatically creating signatures. I was playing with it over the weekend and it’s pretty cool (don’t worry, I only play a programmer on TV). The malware executes inside the emulator rather than on the real machine, and you can step through it and unpack it for analysis, much as you might debug or analyze code in OllyDbg or the like.
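To make the generic-unpacking idea concrete, here is the heuristic that emulation-based unpackers commonly rely on: a packer stub decompresses the real program into memory and then jumps into it, so if the emulator records every address the stub writes, the first instruction fetched from a written address marks the end of the stub and a candidate original entry point (OEP). This is an added illustration, not code from CounterSpy or Sunbelt; the emulator is stood in for by a hand-constructed event trace, and the addresses (stub at 0x401000, payload at 0x402000, import table at 0x403000) are hypothetical.

```python
"""Write-then-execute OEP heuristic over an emulator-style trace.

Added example, not CounterSpy code. Events are in the shape a memory/code
hook in an x86 emulator would deliver:
    ("exec",  addr, length)  an instruction at addr is about to execute
    ("write", addr, length)  the instruction stored `length` bytes at addr
The trace below is constructed by hand; the addresses are hypothetical.
"""

STUB = 0x401000      # hypothetical packer stub (think of a UPX1-style section)
PAYLOAD = 0x402000   # hypothetical region the stub decompresses into (UPX0-style)
IAT = 0x403000       # hypothetical import table the stub fills in (data, never run)


def constructed_trace():
    """Constructed sample trace: decompress loop, import fixups, then jump to OEP."""
    ev = []
    # 1. decompression loop: stub code runs, payload bytes get written
    for i in range(0, 0x100, 4):
        ev.append(("exec", STUB + 0x10 + (i % 0x20), 3))
        ev.append(("write", PAYLOAD + i, 4))
    # 2. import resolution: writes go to data (the IAT), which is never executed,
    #    so these writes must NOT trigger the heuristic
    for i in range(0, 0x20, 4):
        ev.append(("exec", STUB + 0x40, 6))
        ev.append(("write", IAT + i, 4))
    # 3. the tail jump into freshly written code: jmp PAYLOAD, then the
    #    first instructions of the original program
    ev.append(("exec", STUB + 0x50, 5))
    ev.append(("exec", PAYLOAD, 1))        # push ebp
    ev.append(("exec", PAYLOAD + 1, 2))    # mov ebp, esp
    return ev


class WriteThenExecute:
    """Tracks run-time writes and flags the first fetch from written memory."""

    def __init__(self):
        self.written = set()   # byte addresses written during emulation
        self.steps = 0         # instructions executed so far
        self.oep = None        # candidate original entry point, once found

    def feed(self, event):
        kind, addr, length = event
        if kind == "write":
            self.written.update(range(addr, addr + length))
        elif kind == "exec":
            self.steps += 1
            if self.oep is None and any(
                a in self.written for a in range(addr, addr + length)
            ):
                self.oep = addr
                return True
        return False


def find_oep(trace, max_steps=1_000_000):
    """Run the heuristic over a trace; stop at the OEP or at a step budget.

    The budget matters in practice: a sample that never unpacks (or that
    detects the emulator and loops) must not hold the scanner forever.
    """
    tracker = WriteThenExecute()
    for event in trace:
        if tracker.feed(event):
            break
        if tracker.steps >= max_steps:
            break
    return tracker


def dump_region(tracker):
    """Contiguous run of written bytes around the OEP: the region to dump."""
    if tracker.oep is None:
        return None
    lo = hi = tracker.oep
    while lo - 1 in tracker.written:
        lo -= 1
    while hi + 1 in tracker.written:
        hi += 1
    return lo, hi + 1


if __name__ == "__main__":
    t = find_oep(constructed_trace())
    print(f"OEP candidate: {t.oep:#x} after {t.steps} instructions")
    print("dump range: %#x-%#x" % dump_region(t))
```

The import-table writes show why the check is on execution, not on writing: a stub writes plenty of data it never runs, and dumping at the first write would capture a half-built image. Real packers add complications this toy does not model (stubs that patch themselves, multiple layers that each unpack the next, anti-emulation tricks), so a production unpacker pairs the heuristic with a step budget and a sanity check on the dumped region before handing it to the signature engine.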