Generic unpacking using entropy analysis

Guhyeon Jeong, Euijin Choo, Joosuk Lee, Munkhbayar Bat-Erdene, Heejo Lee

Research output: Chapter in Book/Report/Conference proceeding: Conference contribution

21 Citations (Scopus)

Abstract

Malware attempts to evade AV scanners using various obfuscation techniques. Packing is a popular obfuscation technique, used by 80% of malware. In this paper, we propose a generic unpacking mechanism that finds the original entry point (OEP) using entropy analysis. An experiment on 110 packed executables demonstrates that the proposed mechanism can locate the OEPs of 72% of the packed executables. Furthermore, we show how the mechanism could be applied to packed malware.

Original language: English
Title of host publication: Proceedings of the 5th IEEE International Conference on Malicious and Unwanted Software, Malware 2010
Pages: 98-105
Number of pages: 8
DOI: 10.1109/MALWARE.2010.5665789
Publication status: Published - 2010 Dec 1
Event: 5th International Conference on Malicious and Unwanted Software, Malware 2010 - Nancy, France
Duration: 2010 Oct 19 - 2010 Oct 20

Other

Other: 5th International Conference on Malicious and Unwanted Software, Malware 2010
Country: France
City: Nancy
Period: 10/10/19 - 10/10/20

Fingerprint

  • Entropy
  • Malware
  • Experiments

ASJC Scopus subject areas

  • Software

Cite this

Jeong, G., Choo, E., Lee, J., Bat-Erdene, M., & Lee, H. (2010). Generic unpacking using entropy analysis. In Proceedings of the 5th IEEE International Conference on Malicious and Unwanted Software, Malware 2010 (pp. 98-105). [5665789] https://doi.org/10.1109/MALWARE.2010.5665789

@inproceedings{5a5f190213b64f43ae69cfdb9bf71876,
title = "Generic unpacking using entropy analysis",
abstract = "Malwares attempt to evade AV scanners using various obfuscation techniques. Packing is a popular obfuscation technique used by 80{\%} of malwares. In this paper, we propose a generic unpacking mechanism to find the original entry point (OEP) using entropy analysis. The experiment using 110 packed executables demonstrates the proposed mechanism can locate the OEPs of 72{\%} of the packed executables. Furthermore, we show how the mechanism could be applied to packed malwares.",
author = "Guhyeon Jeong and Euijin Choo and Joosuk Lee and Munkhbayar Bat-Erdene and Heejo Lee",
year = "2010",
month = "12",
day = "1",
doi = "10.1109/MALWARE.2010.5665789",
language = "English",
isbn = "9781424493555",
pages = "98--105",
booktitle = "Proceedings of the 5th IEEE International Conference on Malicious and Unwanted Software, Malware 2010",

}
