Presentation 2010-06-17
How to Identify Code Region after Detecting Entry Point of Malware
Makoto IWAMURA, Mitsutaka ITOH, Yoichi MURAOKA
Abstract(in Japanese) (See Japanese page)
Abstract(in English) The goal of many existing methods for unpacking was to find the OEP (Original Entry Point), not to identify where the original program code starts and ends. We propose a novel method, which focuses on branch instructions using relative addressing, to identify the code region including the OEP. Our approach can extract the whole code region of malware and even ensure that the extracted image does not include other code regions. The experimental results show that our approach can identify the code region including the OEP even if two memory images including other code regions are adjacent to the target region.
Keyword(in Japanese) (See Japanese page)
Keyword(in English) malware / unpacking / probabilistic disassembly / code region
Paper # IA2010-4,ICSS2010-4
Date of Issue

Conference Information
Committee IA
Conference Date 2010/6/10 (1 day)
Place (in Japanese) (See Japanese page)
Place (in English)
Topics (in Japanese) (See Japanese page)
Topics (in English)
Chair
Vice Chair
Secretary
Assistant

Paper Information
Registration To Internet Architecture(IA)
Language JPN
Title (in Japanese) (See Japanese page)
Sub Title (in Japanese) (See Japanese page)
Title (in English) How to Identify Code Region after Detecting Entry Point of Malware
Sub Title (in English)
Keyword(1) malware
Keyword(2) unpacking
Keyword(3) probabilistic disassembly
Keyword(4) code region
1st Author's Name Makoto IWAMURA
1st Author's Affiliation NTT Information Sharing and Platform Laboratories / Waseda University
2nd Author's Name Mitsutaka ITOH
2nd Author's Affiliation NTT Information Sharing and Platform Laboratories
3rd Author's Name Yoichi MURAOKA
3rd Author's Affiliation Waseda University
Date 2010-06-17
Paper # IA2010-4,ICSS2010-4
Volume (vol) vol.110
Number (no) 78
Page pp.-
#Pages 6