| Paper Abstract and Keywords |
| Presentation |
2011-06-17 13:00
Detecting Original Entry Point based on Comparing Runtime Library Codes in Malware Unpacking
Kazuki Iwamoto, Katsumi Wasaki (Shinshu Univ.) |
| Abstract |
(in Japanese) |
(See Japanese page) |
| (in English) |
Almost malwares are compressed or encrypted by packer.
So we can't analyse them directly.
Several methods to extract automatically original code from packed executables are already proposed.
The problems of unpacker are finding original entry point and terminating the process with extracted original code.
In this paper, we focused that malwares are usually made by well-known compiler, and tried to resolve the problems by comparing to runtime library. |
| Keyword |
(in Japanese) |
(See Japanese page) |
| (in English) |
Malware / Static Analysis / Unpack / Entry Point / Emulation / Runtime Library / / |
| Reference Info. |
IEICE Tech. Rep., vol. 111, no. 82, ICSS2011-10, pp. 57-62, June 2011. |
| Paper # |
IA2011-10, ICSS2011-10 |
| Conference Information |
| Committee |
IA ICSS |
| Conference Date |
2011-06-16 - 2011-06-17 |
| Place (in Japanese) |
(See Japanese page) |
| Place (in English) |
Kyushu Institute of Technology |
| Topics (in Japanese) |
インターネットセキュリティ,一般 |
| Topics (in English) |
Internet Security, etc. |
| Paper Information |
| Registration To |
ICSS |
| Conference Code |
2011-06-IA-ICSS |
| Language |
Japanese |
| Title (in Japanese) |
(See Japanese page) |
| Sub Title (in Japanese) |
(See Japanese page) |
| Title (in English) |
Detecting Original Entry Point based on Comparing Runtime Library Codes in Malware Unpacking |
| Sub Title (in English) |
|
| Keyword(1) |
Malware |
| Keyword(2) |
Static Analysis |
| Keyword(3) |
Unpack |
| Keyword(4) |
Entry Point |
| Keyword(5) |
Emulation |
| Keyword(6) |
Runtime Library |
| Keyword(7) |
|
| Keyword(8) |
|
| 1st Author's Name |
Kazuki Iwamoto |
| 1st Author's Affiliation |
Shinshu University (Shinshu Univ.) |
| 2nd Author's Name |
Katsumi Wasaki |
| 2nd Author's Affiliation |
Shinshu University (Shinshu Univ.) |
| 3rd Author's Name |
|
| 3rd Author's Affiliation |
() |
| 4th Author's Name |
|
| 4th Author's Affiliation |
() |
| 5th Author's Name |
|
| 5th Author's Affiliation |
() |
| 6th Author's Name |
|
| 6th Author's Affiliation |
() |
| 7th Author's Name |
|
| 7th Author's Affiliation |
() |
| 8th Author's Name |
|
| 8th Author's Affiliation |
() |
| 9th Author's Name |
|
| 9th Author's Affiliation |
() |
| 10th Author's Name |
|
| 10th Author's Affiliation |
() |
| 11th Author's Name |
|
| 11th Author's Affiliation |
() |
| 12th Author's Name |
|
| 12th Author's Affiliation |
() |
| 13th Author's Name |
|
| 13th Author's Affiliation |
() |
| 14th Author's Name |
|
| 14th Author's Affiliation |
() |
| 15th Author's Name |
|
| 15th Author's Affiliation |
() |
| Speaker |
1 |
| Date Time |
2011-06-17 13:00:00 |
| Presentation Time |
25 |
| Registration for |
ICSS |
| Paper # |
IEICE-IA2011-10,IEICE-ICSS2011-10 |
| Volume (vol) |
IEICE-111 |
| Number (no) |
IEICE-IA-81,IEICE-ICSS-82 |
| Page |
pp.57-62 |
| #Pages |
IEICE-6 |
|