원문정보
초록
영어
Recently, a malware is growing rapidly and the number of malware applies various techniques to protect itself from the anti-virus solution detection. The reason of this phenomenon is that a longer resident on an infected host guarantees the more profit. As a result, these many protection techniques are applied to a malware, a representative of those is a Packing. It is not an exaggeration that most of the malware currently is distributed. In other words, a packer is widely used for a malware protection. Therefore analysts must determine whether the malware was packed or not and if the malware is packed, what packer is used, before an analysis of the malware. For these procedures, some packer detection tools were released and used. But, the detection performance is not good and there is some false positive and false negative. Therefore we propose a signature generation method that is based on an unpacking process and algorithm in this paper. And we offer the packer detection experiment result using the proposed packer detection signature generation method.
목차
1. Introduction
2. Packer
2.1. UPX
2.2. ASPack/ASProtect/ASProtect SKE
2.3. Armadillo
2.4. PE Compact
2.5. Themida
3. Packer Detection Tools
3.1. PEiD
3.2. DiE
3.3. ExeInfoPE
3.4. ProtectionID
3.5. RDG Packer Detector
3.6. FastScanner
4. Packer Detection Tool Experiment
4.1. The Packer Name Detection
4.2. The Packer Version Detection
5. The New Packer Detection Signature
5.1. The Signature Generation Method
5.2. The Detection Signature Experiment
6. Conclusion
References