Taint-assisted IAT Reconstruction against Position Obfuscation

Kawakoya, Yuhei; Miyoshi, Jun

doi:10.2197/ipsjjip.26.813

Cited by 1 publication

(1 citation statement)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…ere are many works in automatic unpacking of malware and we have already discussed several of these throughout the paper [10,17,21,23,33,39,42]. Some of this work considers the concept of IAT destruction [21,28,39] and IAT reconstruction has also been considered on a more general basis [24]. e work by Ugarte et al [42] highlights several missing gaps in existing unpackers and proposes a system-wide approach to unpacking.…”

Section: Related Workmentioning

confidence: 99%

Precise system-wide concatic malware unpacking

Korczynski

2019

Preprint

View full text Add to dashboard Cite

Run time packing is a common approach malware use to obfuscate their payloads, and automatic unpacking is, therefore, highly relevant.e problem has received much a ention, and so far, solutions based on dynamic analysis have been the most successful. Nevertheless, existing solutions lack in several areas, both conceptually and architecturally, because they focus on a limited part of the unpacking problem. ese limitations signi cantly impact their applicability, and current unpackers have, therefore, experienced limited adoption.In this paper, we introduce a new tool, called Minerva, for effective automatic unpacking of malware samples. Minerva introduces a uni ed approach to precisely uncover execution waves in a packed malware sample and produce PE les that are well-suited for follow-up static analysis. At the core, Minerva deploys a novel information ow model of system-wide dynamically generated code, precise collection of API calls and a new approach for merging execution waves and API calls. Together, these novelties amplify the generality and precision of automatic unpacking and make the output of Minerva highly usable. We extensively evaluate Minerva against synthetic and real-world malware samples and show that our techniques signi cantly improve on several aspects compared to previous work.

show abstract

Section: Related Workmentioning

confidence: 99%

Precise system-wide concatic malware unpacking

Korczynski

2019

Preprint

View full text Add to dashboard Cite

show abstract

Taint-assisted IAT Reconstruction against Position Obfuscation

Cited by 1 publication

References 15 publications

Precise system-wide concatic malware unpacking

Precise system-wide concatic malware unpacking

Contact Info

Product

Resources

About