📝 New blogpost: Leveraging LLMs for malware analysis - CFF deobfuscation
https://fernandodoming.github.io/posts/llm-cff-deobfuscation/
Leveraging LLMs for malware analysis - CFF deobfuscation
Motivated by this paper on Control Flow Flattening (CFF) deobfuscation via LLM, I decided to explore the topic with current frontier models. The paper does not provide code, but it outlines the algorithm behind its chain-of-thought methodology. However, the paper feeds the LLMs LLVM-IR or the obfuscated source code. As the authors acknowledge, this approach is unrealistic, since real-world reverse-engineering tasks do not have access to this information. For this article, we will only use machine code or the decompiled pseudocode generated by the Hex-Rays decompiler.