Generic unpacking using entropy analysis

Guhyeon Jeong, Euijin Choo, Joosuk Lee, Munkhbayar Bat-Erdene, Heejo Lee

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

23 Citations (Scopus)

Abstract

Malware attempts to evade AV scanners using various obfuscation techniques. Packing is a popular obfuscation technique used by 80% of malware. In this paper, we propose a generic unpacking mechanism to find the original entry point (OEP) using entropy analysis. The experiment using 110 packed executables demonstrates that the proposed mechanism can locate the OEPs of 72% of the packed executables. Furthermore, we show how the mechanism could be applied to packed malware.

Original language: English
Title of host publication: Proceedings of the 5th IEEE International Conference on Malicious and Unwanted Software, Malware 2010
Pages: 98-105
Number of pages: 8
Publication status: Published - 2010
Event: 5th International Conference on Malicious and Unwanted Software, Malware 2010 - Nancy, France
Duration: 2010 Oct 19 → 2010 Oct 20

Publication series

Name: Proceedings of the 5th IEEE International Conference on Malicious and Unwanted Software, Malware 2010

Other

Other: 5th International Conference on Malicious and Unwanted Software, Malware 2010
Country: France
City: Nancy
Period: 10/10/19 → 10/10/20

ASJC Scopus subject areas

  • Software


  • Cite this

    Jeong, G., Choo, E., Lee, J., Bat-Erdene, M., & Lee, H. (2010). Generic unpacking using entropy analysis. In Proceedings of the 5th IEEE International Conference on Malicious and Unwanted Software, Malware 2010 (pp. 98-105). [5665789] (Proceedings of the 5th IEEE International Conference on Malicious and Unwanted Software, Malware 2010). https://doi.org/10.1109/MALWARE.2010.5665789