Abstract
Reverse engineering benign or malicious samples can take a considerable amount of time. Reversing many samples, or tracking changes in malware families, can lead an analyst to see similar or even identical functions over and over. If such a function was seen recently, the analyst may be able to recall the metadata they associated with it. More likely, however, the disassembly will look familiar but the analyst will need to review the function again to associate metadata with it. In a team setting, time and effort are also required to keep everyone's metadata synchronized across the same or similar samples. Reverse engineering the same routines repeatedly is a waste of time, and that waste can be reduced by applying the right collaborative reverse engineering framework. This paper provides a solution for transferring knowledge to similar functions by introducing a new reverse engineering tool, named FIRST (Function Identification and Recovery Signature Tool), to reduce analysis time and enable information sharing.