O-checker : Detection of Malicious Documents through Deviation from File Format Specifications

@inproceedings{Otsubo2016OcheckerD,
  title={O-checker : Detection of Malicious Documents through Deviation from File Format Specifications},
  author={Yuhei Otsubo},
  year={2016}
}
Documents containing executable files are often used in targeted email attacks in Japan. We examine various document formats (Rich Text Format, Compound File Binary and Portable Document Format) for files used in targeted attacks from 2009 to 2012 in Japan. Almost all the examined document files contain executable files that ignore the document file format specifications. Therefore, we focus on deviations from file format specifications and examine stealth techniques for hiding executable files…

