Presentation 2011-06-17
Detecting Original Entry Point based on Comparing Runtime Library Codes in Malware Unpacking
Kazuki IWAMOTO, Katsumi WASAKI
Abstract(in Japanese) (See Japanese page)
Abstract(in English) Almost all malware is compressed or encrypted by a packer, so we cannot analyse it directly. Several methods for automatically extracting the original code from packed executables have already been proposed. The problems for an unpacker are finding the original entry point and terminating the process with the extracted original code. In this paper, we focused on the fact that malware is usually made with a well-known compiler, and tried to resolve these problems by comparing against the runtime library.
Keyword(in Japanese) (See Japanese page)
Keyword(in English) Malware / Static Analysis / Unpack / Entry Point / Emulation / Runtime Library
Paper # IA2011-10,ICSS2011-10
Date of Issue

Conference Information
Committee IA
Conference Date 2011/6/9 (1 day)
Place (in Japanese) (See Japanese page)
Place (in English)
Topics (in Japanese) (See Japanese page)
Topics (in English)
Chair
Vice Chair
Secretary
Assistant

Paper Information
Registration To Internet Architecture(IA)
Language JPN
Title (in Japanese) (See Japanese page)
Sub Title (in Japanese) (See Japanese page)
Title (in English) Detecting Original Entry Point based on Comparing Runtime Library Codes in Malware Unpacking
Sub Title (in English)
Keyword(1) Malware
Keyword(2) Static Analysis
Keyword(3) Unpack
Keyword(4) Entry Point
Keyword(5) Emulation
Keyword(6) Runtime Library
1st Author's Name Kazuki IWAMOTO
1st Author's Affiliation Japan Computer Security Research Center / Interdisciplinary Graduate School of Science and Technology, Shinshu University
2nd Author's Name Katsumi WASAKI
2nd Author's Affiliation Interdisciplinary Graduate School of Science and Technology, Shinshu University
Date 2011-06-17
Paper # IA2011-10,ICSS2011-10
Volume (vol) vol.111
Number (no) 81
Page pp.-
#Pages 6