PolyUnpack: Automating the Hidden-Code Extraction of Unpack-Executing Malware
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Renovo: a hidden code extractor for packed executables
Proceedings of the 2007 ACM workshop on Recurring malcode
Ether: malware analysis via hardware virtualization extensions
Proceedings of the 15th ACM conference on Computer and communications security
PE-Miner: Mining Structural Information to Detect Malicious Executables in Realtime
RAID '09 Proceedings of the 12th International Symposium on Recent Advances in Intrusion Detection
Structural feature based anomaly detection for packed executable identification
CISIS'11 Proceedings of the 4th international conference on Computational intelligence in security for information systems
Collective classification for packed executable identification
Proceedings of the 8th Annual Collaboration, Electronic messaging, Anti-Abuse and Spam Conference
Hi-index | 0.00 |
Malware is a powerful weapon to hamper various confidential and secure data of a personal computer. Code packing helps the malware authors to create new variants of existing malwares and thus signature based malware detection is defeated. Packing tools hinder the reverse engineering process and hence it is difficult for security researchers to perform analysis of new or unknown malware. Dynamic unpacker requires dedicated hardware and software for analyzing samples and it is computationally expensive. Hence a fast method is required for analysing packers used to create packed executable. Every packer uses its own unpacking algorithm to unpack the payload in memory, so if apriori information on packer used is available, the unpacking becomes easy. In this paper, we have proposed a novel technique for generating the signature of packed malware to identify the packer used for obfuscating the binary.