IEICE Trans. Inf. & Syst.
 2015
DOI: 10.1587/transinf.2014edp7268
|View full text |Cite
|
Sign up to set email alerts
|

An Original Entry Point Detection Method with Candidate-Sorting for More Effective Generic Unpacking

Ryoichi Isawa
1
,
Daisuke Inoue
2
,
Koji Nakao
3

Abstract: SUMMARYMany malware programs emerging from the Internet are compressed and/or encrypted by a wide variety of packers to deter code analysis, thus making it necessary to perform unpacking first. To do this task efficiently, Guo et al. proposed a generic unpacking system named Justin that provides original entry point (OEP) candidates. Justin executes a packed program, and then it extracts written-and-executed points caused by the decryption of the original binary until it determines the OEP has appeared, taking… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1

Citation Types

0
1
0

Year Published

2016
2016
2024
2024

Publication Types

Select...
2
2
1

Relationship

0
5

Authors

Journals

citations
Cited by 5 publications
(1 citation statement)
references
References 17 publications
0
1
0
Order By: Relevance
“…Identifying the OEP in heavily obfuscated binaries is challenging. Traditional unpacking methods often employ a Written-then-Execute approach to locate the OEP by analyzing instructions restored at runtime [18][19][20][21]. However, commercial protectors like Themida [10], as shown in Figure 3b, implement OEP obfuscation techniques that challenge these conventional methods.…”
Section: Oep Findingmentioning
confidence: 99%

Pinicorn: Towards Automated Dynamic Analysis for Unpacking 32-Bit PE Malware

Lee,
Kim,
Yi
et al. 2024
Electronics
1
0
0
0
View full textAdd to dashboardCite
show abstract
“…Identifying the OEP in heavily obfuscated binaries is challenging. Traditional unpacking methods often employ a Written-then-Execute approach to locate the OEP by analyzing instructions restored at runtime [18][19][20][21]. However, commercial protectors like Themida [10], as shown in Figure 3b, implement OEP obfuscation techniques that challenge these conventional methods.…”
Section: Oep Findingmentioning
confidence: 99%

Pinicorn: Towards Automated Dynamic Analysis for Unpacking 32-Bit PE Malware

Lee,
Kim,
Yi
et al. 2024
Electronics
1
0
0
0
View full textAdd to dashboardCite
show abstract

Original Entry Point Detection Based on Graph Similarity

Pham,
Ogawa
2024
Lecture Notes in Computer Science
0
0
0
0
View full textAdd to dashboardCite

Mal-XT: Higher accuracy hidden-code extraction of packed binary executable

Lim
1
,
Suryadi2,
Ramli3
et al. 2018
IOP Conf. Ser.: Mater. Sci. Eng.
0
0
0
0
View full textAdd to dashboardCite
scite logo

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

Product
Browser ExtensionAssistant by sciteCitation Statement SearchReference CheckVisualizationsDashboardsExplore JournalsExplore OrganizationsExplore FundersEmbedding BadgeEmbedding Citation SearchPricing
Resources
BlogHelp & FAQAccessibility StatementAPI TermsFor Universities & GovernmentsFor ResearchersFor PublishersFor Corporate, Pharma & EnterpriseAuthor MarketingBecome an AffiliateGet an organization trial or quotescite Data & Services
About
News & PressCareersRead our PaperCoverage

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

BlogTerms and ConditionsAPI TermsPrivacy PolicyContactCookie PreferencesDo Not Sell or Share My Personal Information

Copyright © 2024 scite LLC. All rights reserved.

Made with 💙 for researchers

Part of the Research Solutions Family.