Corpus ID: 56368806

An Implementation of a Generic Unpacking Method on Bochs Emulator

@inproceedings{HyungChanKim2011AnIO,
  title={An Implementation of a Generic Unpacking Method on Bochs Emulator},
  author={Hyung Chan Kim and Inoue Daisuke and Eto Masashi and Jungsuk Song and Koji Nakao},
  year={2011},
  url={https://api.semanticscholar.org/CorpusID:56368806}
}
This paper presents yet another method of generic binary unpacking, based on a byte state model that reflects the behavior of the stub code responsible for unrolling packed data at the early stage of program execution, thereby restoring the original execution context.


An Empirical Evaluation of an Unpacking Method Implemented with Dynamic Binary Instrumentation

This paper presents yet another method of generic binary unpacking extending a conventional unpacking heuristic, and describes evaluation experiments, conducted on wild malware collections, to discuss workability as well as limitations of the tool.

Renovo: a hidden code extractor for packed executables

This paper proposes a fully dynamic approach that captures an intrinsic property of hidden code execution: the original code must be present in memory and executed at some point at run-time.

A Study of the Packer Problem and Its Solutions

A generic unpacking solution called Justin (Just-In-Time AV scanning) is presented, which is designed to detect the end of unpacking during a packed binary's run and invoke AV scanning against the process image at that time; it performs much better than SymPack for binaries packed by packers that SymPack does not support.

Emulating emulation-resistant malware

An automated technique to dynamically modify the execution of a whole-system emulator to fool a malware sample's anti-emulation checks and facilitate automatic and semi-automatic dynamic analysis of malware.

Ether: malware analysis via hardware virtualization extensions

Ether, a transparent and external approach to malware analysis, is proposed, which is motivated by the intuition that for a malware analyzer to be transparent, it must not induce any side-effects that are unconditionally detectable by malware.

Covert Debugging Circumventing Software Armoring Techniques

Saffron is a covert debugging platform based upon dynamic instrumentation techniques as well as a newly developed page-fault-assisted debugger; it shows that the combination of these two techniques is effective in removing armoring from most software armoring systems.

Using Entropy Analysis to Find Encrypted and Packed Malware

Entropy analysis examines the statistical variation in malware executables, enabling analysts to quickly and efficiently identify packed and encrypted samples.