2018
DOI: 10.1002/cpe.5082

Packer identification method based on byte sequences

Abstract: With the growing number of malware, malware analysis technologies need to be advanced continuously. Malware authors use various packing techniques to hide their code from malware detection tools and techniques. The packing techniques are generally used to compress and encrypt executable code in executable files, and the unpacking code is usually embedded in the executable files. Therefore, packed executable files can be executed by themselves, and the information associated with packing can be used to anal…

Cited by 13 publications (8 citation statements)
References 26 publications
“…The smoothing technique used in this work is moving-mean [39]. In the moving mean technique, the data is being replaced by the average value of the neighboring data values, as expressed in Equation (2).…”
Section: Feature Description and Extraction (mentioning)
confidence: 99%
“…A drastic change in the entropy of machine code created by standard compilers indicates that the file has been packed. Many types of packers such as UPX, FSG, Yoda's, ExeStealth, PETite, ASPack, UPack, and VMProtect can be detected by looking for a unique sequence of byte codes [8], though the unpacking patterns and decryption keys are not detectable using this method. The complexity and ambiguity of malware activities prompts analysts towards dynamically monitoring and analyzing malware's behavior in order to discover the true nature of obfuscated files.…”
Section: M (mentioning)
confidence: 99%
“…The latter method has increased challenges as it needs to reverse the malware binary. There are also some obstacles regarding reversing obfuscated and packed malware, including packer identification and decrypting ciphered sections [8], normalizing metamorphic codes [13], and executing time-limited malware - malware that only runs on a specific point or period of time. However, its efficiency was proven compared to other methods, and the amount of data required for creating the corresponding images is smaller than the former method.…”
Section: Deep Neural Network (mentioning)
confidence: 99%
“…Choi, and E.G. Im proposes a new packer identification method that uses two types of statistical features. These features are generated using encrypted data and feature from byte frequency distributions.…”
Section: The Main Topics Of Coginnov 2018 Special Issue (mentioning)
confidence: 99%