Malware Detection Avoidance through Mutexes

Scientific Study from the year 2020 in the subject Computer Science - IT-Security, grade: 4.0, Fordham University, language: English, abstract: Malware attacks are increasing exponentially every year and becoming harder to find since they are using various techniques to hide and bypass detection or protection mechanisms. Detecting that malware is big multi-dollar business, and antimalware companies are trying to find signatures and pieces of code that will help them identify them. Hiding and avoid detection of the created malware is a common practice for hackers. One of those methods of hiding is achieved by using mutexes. A mutex is a legitimate software used by the operating system in multithreaded programs to facilitate the normal job queue process. The same process is also used by malware software. It is a flag that can be set or upset or more specifically locked or unlocked. The problem it resolves is the unpredictable behavior and rare conditions that result from multiple threads in accessing a resource, mainly if the thread modifies that resource. Mutexes come with two types: the local mutexes (also called unnamed) and the named system mutexes. The unnamed mutexes are found only inside the process while the named ones are located within the operating system and are used for synchronization of the various activities or operations.