Name
Abstract | ||
|---|---|---|
Run-time packing is a technique employed by malware authors in order to conceal e.g., encrypt malicious code and recover it at run-time. In particular, some run-time packers only decrypt individual regions of code on demand, re-encrypting them again when they are not running. This technique is known as shifting decode frames and it can greatly complicate malware analysis. The first solution that comes to mind to analyze these samples is to apply multi-path exploration to trigger the unpacking of all the code regions. Unfortunately, multi-path exploration is known to have several limitations, such as its limited scalability for the analysis of real-world binaries. In this paper, we propose a set of domain-specific optimizations and heuristics to guide multi-path exploration and improve its efficiency and reliability for unpacking binaries protected with shifting decode frames. |
Year | DOI | Venue |
|---|---|---|
2016 | 10.1007/978-3-319-40667-1_10 | DIMVA |
Field | DocType | Citations |
Computer science,Code on demand,Encryption,Heuristics,Malware,Computer engineering,Operating system,Unpacking,Malware analysis,Scalability | Conference | 1 |
PageRank | References | Authors |
0.35 | 9 | 4 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Xabier Ugarte-Pedrero | 1 | 311 | 17.43 |
| Davide Balzarotti | 2 | 2040 | 113.64 |
| Igor Santos | 3 | 664 | 45.73 |
| Pablo Garcia Bringas | 4 | 690 | 55.27 |