International Conference on Design, Engineering and Computer Sciences 2018
Mal-XT: Higher accuracy hidden-code extraction of packed binary executable
Industrial technology; Computer science
Lim, Charles^1,2 ; Suryadi^3 ; Ramli, Kalamullah^1 ; Suhandi^2
Department of Electrical Engineering, Universitas Indonesia, Kampus UI, Depok 16424, Indonesia^1
Information Technology Department, Swiss German University, Kota Tangerang, Banten 15143, Indonesia^2
Department of Mathematics, Universitas Indonesia, Kampus UI, Depok 16424, Indonesia^3
Keywords: Code extraction; Executed instructions; Malicious codes; Memory locations; Section size
Others: https://iopscience.iop.org/article/10.1088/1757-899X/453/1/012001/pdf DOI: 10.1088/1757-899X/453/1/012001
Source: IOP
[Abstract]
Malware authors often use binary packers to hinder malicious code from being reverse-engineered by malware analysts. Many studies have proposed different approaches to unpacking packed binary executables. Our previous works successfully relied on the written memory section size as an indicator to extract hidden code during the unpacking process. This paper enhances our previous work by locating executed instructions in the written memory section to provide a more precise memory location for extracting hidden code from the packed binary executable. The results of our experiments exhibit higher similarity for all packers and benign applications compared to our previous works.