An Implementation of a Generic Unpacking Method on BochsEmulator

Bibliographic Information

Other Title
  • An Implementation of a Generic Unpacking Method on Bochs Emulator

Abstract

In these days, it is very prevalent to discover many packed malwares caught inany malware collecting systems including honeypots. Thus, the initial step for usual malwareanalysis involves unpacking binary samples. In this paper, we present a yet another methodof generic binary unpacking. A typical packed binary includes stub code that takes chargeof unrolling packed data at the early stage of program execution thereby realizing originalexecution context. Our approach is basically to measure code revelation/concealment based onbyte state model that reflects the behavior of such stub code. We also describe a proof-of-conceptimplementation based on Bochs x86 system emulator.

In these days, it is very prevalent to discover many packed malwares caught inany malware collecting systems including honeypots. Thus, the initial step for usual malwareanalysis involves unpacking binary samples. In this paper, we present a yet another methodof generic binary unpacking. A typical packed binary includes stub code that takes chargeof unrolling packed data at the early stage of program execution thereby realizing originalexecution context. Our approach is basically to measure code revelation/concealment based onbyte state model that reflects the behavior of such stub code. We also describe a proof-of-conceptimplementation based on Bochs x86 system emulator.

Journal

Details 詳細情報について

  • CRID
    1050011097178093696
  • NII Article ID
    170000066035
  • Web Site
    http://id.nii.ac.jp/1001/00074878/
  • Text Lang
    en
  • Article Type
    conference paper
  • Data Source
    • IRDB
    • CiNii Articles

Report a problem

Back to top