• DocumentCode
    3561542
  • Title

    Two techniques for detecting packed portable executable files

  • Author

    Saeed, Muhammad Umair ; Lindskog, Dale ; Zavarsky, Pavol ; Ruhl, Ron

  • Author_Institution
    Inf. Syst. Security Manage., Concordia Univ. Coll. of Alberta, Edmonton, AB, Canada
  • fYear
    2013
  • Firstpage
    22
  • Lastpage
    26
  • Abstract
    Various techniques have been recently proposed to evade static detection of packed portable executable files. In this paper, two such evasion techniques are examined, their limitations are illustrated, and we describe two methods of detection which overcome these evasion techniques. We argue that these methods of detection are not easily evaded.
  • Keywords
    data encapsulation; file organisation; evasion techniques; import address table; original entry point; static packed portable executable file detection techniques; detection; evasion; packed portable executable
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Title
    Information Society (i-Society), 2013 International Conference on
  • Type

    conf

  • Filename
    6636333