Disabling Anti-Debugging Techniques for Unpacking System in User-level Debugger

E-mail attacks and spear phishing attacks, which have been pretended as corporations and civil servants, are occurring frequently. Phishing is used to steal user's personal or financial information by redirecting users to web-sites hosted with malicious code. Malware is becoming more and more intelligent as it combines with social engineering techniques, causing damage to companies, organization, or users through e-mail or web sites. Attackers who create malware use a variety of techniques, such as disrupting and delaying analysis to increase malware's life time. Anti-debugging techniques interferes with malware analysis and make it more difficult to analysis. We introduce five functions and one data structure that malware uses for anti-debugging techniques. We propose and verify a method for disabling anti-debugging techniques for such malware which have been protected by packing and anti-debugging techniques in user level debugger. This can be expected to make it easier for malware analysts to analyze malware that includes anti-debugging techniques.