Presentation | 2011-06-17 Detecting Original Entry Point based on Comparing Runtime Library Codes in Malware Unpacking. Kazuki IWAMOTO, Katsumi WASAKI |
---|---|
PDF Download Page | PDF download Page Link |
Abstract(in Japanese) | (See Japanese page) |
Abstract(in English) | Almost all malware is compressed or encrypted by a packer, so it cannot be analysed directly. Several methods for automatically extracting the original code from packed executables have already been proposed. The problems an unpacker faces are finding the original entry point and terminating the process once the original code has been extracted. In this paper, we focus on the fact that malware is usually built with a well-known compiler, and try to resolve these problems by comparing the code against the runtime library. |
Keyword(in Japanese) | (See Japanese page) |
Keyword(in English) | Malware / Static Analysis / Unpack / Entry Point / Emulation / Runtime Library |
Paper # | IA2011-10,ICSS2011-10 |
Date of Issue |
Conference Information | |
Committee | IA |
---|---|
Conference Date | 2011/6/9 (1 day) |
Place (in Japanese) | (See Japanese page) |
Place (in English) | |
Topics (in Japanese) | (See Japanese page) |
Topics (in English) | |
Chair | |
Vice Chair | |
Secretary | |
Assistant |
Paper Information | |
Registration To | Internet Architecture(IA) |
---|---|
Language | JPN |
Title (in Japanese) | (See Japanese page) |
Sub Title (in Japanese) | (See Japanese page) |
Title (in English) | Detecting Original Entry Point based on Comparing Runtime Library Codes in Malware Unpacking |
Sub Title (in English) | |
Keyword(1) | Malware |
Keyword(2) | Static Analysis |
Keyword(3) | Unpack |
Keyword(4) | Entry Point |
Keyword(5) | Emulation |
Keyword(6) | Runtime Library |
1st Author's Name | Kazuki IWAMOTO |
1st Author's Affiliation | Japan Computer Security Research Center: Interdisciplinary Graduate School of Science and Technology, Shinshu University |
2nd Author's Name | Katsumi WASAKI |
2nd Author's Affiliation | Interdisciplinary Graduate School of Science and Technology, Shinshu University |
Date | 2011-06-17 |
Paper # | IA2011-10,ICSS2011-10 |
Volume (vol) | vol.111 |
Number (no) | 81 |
Page | pp.pp.- |
#Pages | 6 |
Date of Issue |