Malware Analysis and Static Call Graph Generation with Radare2

"A powerful feature used in automated malware analysis is the static call graph of executable file. Elimination sandbox environment, fast scan, function patterns beyond instruction level information – all these motivate prevalence feature. Processing and storing malicious samples a scaled manner facilitates application complex network research. IDA Pro one leading disassembler tools industry can generate via GenCallGdl GenFuncGdl APIs tool which was our previous works. In this paper an alternative method presented using another tool, Radare2, open-source Unixbased software, also frequently domain. Radare2 has Python support (among other languages), r2pipe package, thus enabling full scalability on Linux-based servers containerized solutions. This offers detailed technical description how to use PE file thorough comparison with output Pro, as well public dataset experiments were carried out. 2010 Mathematics Subject Classification. 68P25, 68P30. 1998 CR Categories Descriptors. D.4.6 [Security Protection]: Subtopic Invasive software. Key words phrases. analysis, graph, radare2, Pro."