Title :
Generic unpacking using entropy analysis
Author :
Jeong, Guhyeon ; Choo, Euijin ; Lee, Joosuk ; Bat-Erdene, Munkhbayar ; Lee, Heejo
Author_Institution :
Div. of Comput. & Commun. Eng., Korea Univ., Seoul, South Korea
Abstract :
Malware attempts to evade AV scanners using various obfuscation techniques. Packing is a popular obfuscation technique used by 80% of malware. In this paper, we propose a generic unpacking mechanism that finds the original entry point (OEP) using entropy analysis. An experiment on 110 packed executables demonstrates that the proposed mechanism can locate the OEPs of 72% of the packed executables. Furthermore, we show how the mechanism can be applied to packed malware.
Keywords :
entropy; invasive software; AV scanners; entropy analysis; generic unpacking mechanism; malwares; obfuscation technique; original entry point; Entropy; Information theory; Malware; Monitoring; Software; Software measurement; Virtual machining;
Conference_Title :
Malicious and Unwanted Software (MALWARE), 2010 5th International Conference on
Conference_Location :
Nancy, Lorraine
Print_ISBN :
978-1-4244-9353-1
DOI :
10.1109/MALWARE.2010.5665789