5th WCSET-2016 at Vietnam 

Technical Session - 4

Title:            An Experimental Study on Identifying Obfuscation Techniques in Packer
Authors:       Nguyen Minh Hai, Quan Thanh Tho
Abstract:     Malware is one of the most important problems in computer security. There are two main approaches to detecting malware: signature matching and virtual emulation. A signature is a typical bit pattern that characterizes a piece of malware. Most industrial malware detection methods depend on regular-expression-based signature recognition. Virtual emulation prepares a sandbox to explore the behaviour of malware, which requires a deep encoding of system environments to emulate Windows APIs [1]. However, emulation requires finding a suitable abstraction level, which is a very heavy task. Moreover, these techniques are easily defeated by obfuscation techniques, e.g. indirect jumps, self-modifying code, Structured Exception Handling (SEH) and many other techniques that are adopted in packers. In fact, most modern malware uses packers to create new variants that cheat antivirus software. According to a report of Semantic Lab [2], nearly 80% of malware is packed by a packer. This paper targets the problem of identifying the obfuscation techniques that are adopted in some well-known packers. It proposes an experimental study of the obfuscation techniques used in 7 popular packers: UPX, FSG, NPACK, ASPACK, PECOMPAT, PETITE, and YODA. We develop our pushdown model generator for malware, BE-PUM, as a generic unpacker tool by implementing anti-anti-analysis techniques against the obfuscation techniques in these packers. During on-the-fly disassembly, BE-PUM observes and measures the frequency of the obfuscation techniques adopted in packers. We have performed experiments on 8 packers using BE-PUM and achieved very promising results.

Keywords:  Concolic Testing, Pushdown System, Malware Detection, Binary Code Analysis, Self-Modifying Code, Packer Identification, Obfuscation Technique
Pages:        201-205
