Generic unpacking using entropy analysis

Guhyeon Jeong; Euijin Choo; Joosuk Lee; Munkhbayar Bat-Erdene; Heejo Lee

doi:10.1109/MALWARE.2010.5665789

Generic unpacking using entropy analysis

Guhyeon Jeong, Euijin Choo, Joosuk Lee, Munkhbayar Bat-Erdene, Heejo Lee

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

31 Citations (Scopus)

Abstract

Malwares attempt to evade AV scanners using various obfuscation techniques. Packing is a popular obfuscation technique used by 80% of malwares. In this paper, we propose a generic unpacking mechanism to find the original entry point (OEP) using entropy analysis. The experiment using 110 packed executables demonstrates the proposed mechanism can locate the OEPs of 72% of the packed executables. Furthermore, we show how the mechanism could be applied to packed malwares.

Original language	English
Title of host publication	Proceedings of the 5th IEEE International Conference on Malicious and Unwanted Software, Malware 2010
Pages	98-105
Number of pages	8
DOIs	https://doi.org/10.1109/MALWARE.2010.5665789
Publication status	Published - 2010
Event	5th International Conference on Malicious and Unwanted Software, Malware 2010 - Nancy, France Duration: 2010 Oct 19 → 2010 Oct 20

Publication series

Name	Proceedings of the 5th IEEE International Conference on Malicious and Unwanted Software, Malware 2010

Other

Other	5th International Conference on Malicious and Unwanted Software, Malware 2010
Country/Territory	France
City	Nancy
Period	10/10/19 → 10/10/20

ASJC Scopus subject areas

Software

Access to Document

10.1109/MALWARE.2010.5665789

Cite this

Jeong, G., Choo, E., Lee, J., Bat-Erdene, M., & Lee, H. (2010). Generic unpacking using entropy analysis. In Proceedings of the 5th IEEE International Conference on Malicious and Unwanted Software, Malware 2010 (pp. 98-105). [5665789] (Proceedings of the 5th IEEE International Conference on Malicious and Unwanted Software, Malware 2010). https://doi.org/10.1109/MALWARE.2010.5665789

Generic unpacking using entropy analysis. / Jeong, Guhyeon; Choo, Euijin; Lee, Joosuk et al.

Proceedings of the 5th IEEE International Conference on Malicious and Unwanted Software, Malware 2010. 2010. p. 98-105 5665789 (Proceedings of the 5th IEEE International Conference on Malicious and Unwanted Software, Malware 2010).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Jeong, G, Choo, E, Lee, J, Bat-Erdene, M & Lee, H 2010, Generic unpacking using entropy analysis. in Proceedings of the 5th IEEE International Conference on Malicious and Unwanted Software, Malware 2010., 5665789, Proceedings of the 5th IEEE International Conference on Malicious and Unwanted Software, Malware 2010, pp. 98-105, 5th International Conference on Malicious and Unwanted Software, Malware 2010, Nancy, France, 10/10/19. https://doi.org/10.1109/MALWARE.2010.5665789

@inproceedings{5a5f190213b64f43ae69cfdb9bf71876,

title = "Generic unpacking using entropy analysis",

abstract = "Malwares attempt to evade AV scanners using various obfuscation techniques. Packing is a popular obfuscation technique used by 80% of malwares. In this paper, we propose a generic unpacking mechanism to find the original entry point (OEP) using entropy analysis. The experiment using 110 packed executables demonstrates the proposed mechanism can locate the OEPs of 72% of the packed executables. Furthermore, we show how the mechanism could be applied to packed malwares.",

author = "Guhyeon Jeong and Euijin Choo and Joosuk Lee and Munkhbayar Bat-Erdene and Heejo Lee",

year = "2010",

doi = "10.1109/MALWARE.2010.5665789",

language = "English",

isbn = "9781424493555",

series = "Proceedings of the 5th IEEE International Conference on Malicious and Unwanted Software, Malware 2010",

pages = "98--105",

booktitle = "Proceedings of the 5th IEEE International Conference on Malicious and Unwanted Software, Malware 2010",

note = "5th International Conference on Malicious and Unwanted Software, Malware 2010 ; Conference date: 19-10-2010 Through 20-10-2010",

}

TY - GEN

T1 - Generic unpacking using entropy analysis

AU - Jeong, Guhyeon

AU - Choo, Euijin

AU - Lee, Joosuk

AU - Bat-Erdene, Munkhbayar

AU - Lee, Heejo

PY - 2010

Y1 - 2010

N2 - Malwares attempt to evade AV scanners using various obfuscation techniques. Packing is a popular obfuscation technique used by 80% of malwares. In this paper, we propose a generic unpacking mechanism to find the original entry point (OEP) using entropy analysis. The experiment using 110 packed executables demonstrates the proposed mechanism can locate the OEPs of 72% of the packed executables. Furthermore, we show how the mechanism could be applied to packed malwares.

AB - Malwares attempt to evade AV scanners using various obfuscation techniques. Packing is a popular obfuscation technique used by 80% of malwares. In this paper, we propose a generic unpacking mechanism to find the original entry point (OEP) using entropy analysis. The experiment using 110 packed executables demonstrates the proposed mechanism can locate the OEPs of 72% of the packed executables. Furthermore, we show how the mechanism could be applied to packed malwares.

UR - http://www.scopus.com/inward/record.url?scp=78651387538&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=78651387538&partnerID=8YFLogxK

U2 - 10.1109/MALWARE.2010.5665789

DO - 10.1109/MALWARE.2010.5665789

M3 - Conference contribution

AN - SCOPUS:78651387538

SN - 9781424493555

T3 - Proceedings of the 5th IEEE International Conference on Malicious and Unwanted Software, Malware 2010

SP - 98

EP - 105

BT - Proceedings of the 5th IEEE International Conference on Malicious and Unwanted Software, Malware 2010

T2 - 5th International Conference on Malicious and Unwanted Software, Malware 2010

Y2 - 19 October 2010 through 20 October 2010

ER -

Generic unpacking using entropy analysis

Abstract

Publication series

Other

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this