9 Citations
File Packing from the Malware Perspective: Techniques, Analysis Approaches, and Directions for Enhancements
- 2023
Computer Science
Statistics on the use of packers are provided based on an extensive analysis of 24,000 PE files for the past 10 years, which allowed us to observe trends in packing use during that time and showed that packing is still widely used in malware.
A Survey on Windows-based Ransomware Taxonomy and Detection Mechanisms
- 2022
Computer Science
This work provides a systematic review of ransomware countermeasures, starting from its deployment on the victim machine until the ransom payment via cryptocurrency, and proposes a roadmap for researchers to fill the gaps found in the literature on the battle against ransomware.
2-SPIFF: a 2-stage packer identification method based on function call graph and file attributes
- 2021
Computer Science
This article analyses the differences in the function call graph (FCG) and file attributes between non-packed executable files and executable files packed by different packers, and proposes a 2-stage packer identification method based on FCG and file attributes (2-SPIFF).
Mal-Flux: Rendering hidden code of packed binary executable
- 2019
Computer Science
Packer identification method based on byte sequences
- 2020
Computer Science
A new packer identification method by analyzing only code sections to extract features of malware generated by different packing tools is proposed, which can contribute to reducing overheads of malware analysis.
Auto-detection of sophisticated malware using lazy-binding control flow graph and deep learning
- 2018
Computer Science
Packer identification based on metadata signature
- 2017
Computer Science
This paper presents a packer identification of packed code based on metadata signature, which is a frequency vector of occurrences of classified obfuscation techniques, and identifies the used packer with the chi-square test on the metadata signature of a packed code.
A control flow graph-based signature for packer identification
- 2017
Computer Science
The technique presented in this paper is utilized for automatic identification of malware packers that are used to obfuscate malware programs and is resilient against instruction modifications and shuffling, as a single signature is sufficient for detecting mildly different versions of the same malware.
Packer Detection for Multi-Layer Executables Using Entropy Analysis
- 2017
Computer Science
This work elaborates a method to classify the packing algorithm of a given executable into three categories: single-layer packing, re-packing, or multi-layer packing, for which SAX (Symbolic Aggregate Approximation) is used.
12 References
A Comparison of Trojan Virus Behavior in Linux and Windows Operating Systems
- 2011
Computer Science
The objective of this paper is to explore network packet information, detect the behavior of Trojan attacks by monitoring operating systems such as Windows and Linux, and compare the behaviors of Linux and Windows using the payload size obtained from the Wireshark packet sniffer results.
Generic unpacking using entropy analysis
- 2010
Computer Science
A generic unpacking mechanism to find the original entry point (OEP) using entropy analysis is proposed, and it is shown how the mechanism can be applied to packed malware.
Using Entropy Analysis to Find Encrypted and Packed Malware
- 2007
Computer Science, Engineering
Entropy analysis examines the statistical variation in malware executables, enabling analysts to quickly and efficiently identify packed and encrypted samples.
A Review of the Effectiveness of Malware Signature Databases against Metamorphic Malwares
- 2015
Computer Science
This research reviews the current practices in the antivirus industry and determines whether malware signature databases are adequate for detecting metamorphic malware.
Packed Malware Detection using Entropy Related Analysis: A Survey
- 2015
Computer Science
A survey of packed malware research works shows that research works on packed malware detection make use of either entropy or entropy-related analysis.
Generic Packing Detection using Several Complexity Analysis for Accurate Malware Detection
- 2014
Computer Science
A packed file detection technique based on complexity measured by several algorithms is proposed; it achieves very high detection accuracy of packed executables with a low average processing time, can be effectively prepared to detect unknown, obfuscated malware, and cannot be evaded by known evasion techniques.
Manual Unpacking Of Upx Packed Executable Using Ollydbg and Importrec
- 2014
Computer Science
A 'packer' is a compression routine that compresses an executable file so that it is compressed, encrypted, or otherwise transformed, making it harder to recognize and reverse-engineer.
Static Analysis Based Behavioral API for Malware Detection using Markov Chain
- 2014
Computer Science
A virus detection system based on extracting Application Program Interface calls from virus behaviors is proposed, which uses a static-analysis, behavior-based detection mechanism, without executing the software, to detect viruses in user mode by using a Markov Chain.
Metamorphic Malware Detection Using Statistical Analysis
- 2012
Computer Science
Limitations of signature-based detection for detecting metamorphic viruses are presented, and a similarity-measure method that has been successfully applied to the document classification problem is used to apply similarity measures to a static feature, the API calls of an executable, to classify it as malware or benign.
The new signature generation method based on an unpacking algorithm and procedure for a packer detection
- 2011
Computer Science
A signature generation method based on an unpacking process and algorithm is proposed that will help analysts determine whether the malware was packed or not and, if it is packed, which packer was used, before an analysis of the malware.