• DocumentCode
    1597739
  • Title
    Generic unpacking using entropy analysis
  • Author
    Jeong, Guhyeon ; Choo, Euijin ; Lee, Joosuk ; Bat-Erdene, Munkhbayar ; Lee, Heejo
  • Author_Institution
    Div. of Comput. & Commun. Eng., Korea Univ., Seoul, South Korea
  • fYear
    2010
  • Firstpage
    98
  • Lastpage
    105
  • Abstract
    Malware attempts to evade AV scanners using various obfuscation techniques. Packing is a popular obfuscation technique used by 80% of malware. In this paper, we propose a generic unpacking mechanism to find the original entry point (OEP) using entropy analysis. The experiment using 110 packed executables demonstrates that the proposed mechanism can locate the OEPs of 72% of the packed executables. Furthermore, we show how the mechanism could be applied to packed malware.
  • Keywords
    entropy; invasive software; AV scanners; entropy analysis; generic unpacking mechanism; malwares; obfuscation technique; original entry point; Entropy; Information theory; Malware; Monitoring; Software; Software measurement; Virtual machining;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Malicious and Unwanted Software (MALWARE), 2010 5th International Conference on
  • Conference_Location
    Nancy, Lorraine
  • Print_ISBN
    978-1-4244-9353-1
  • Type
    conf
  • DOI
    10.1109/MALWARE.2010.5665789
  • Filename
    5665789