An Implementation of a Generic Unpacking Method on BochsEmulator
書誌事項
- タイトル別名
-
- An Implementation of a Generic Unpacking Method on Bochs Emulator
抄録
In these days, it is very prevalent to discover many packed malwares caught inany malware collecting systems including honeypots. Thus, the initial step for usual malwareanalysis involves unpacking binary samples. In this paper, we present a yet another methodof generic binary unpacking. A typical packed binary includes stub code that takes chargeof unrolling packed data at the early stage of program execution thereby realizing originalexecution context. Our approach is basically to measure code revelation/concealment based onbyte state model that reflects the behavior of such stub code. We also describe a proof-of-conceptimplementation based on Bochs x86 system emulator.
In these days, it is very prevalent to discover many packed malwares caught inany malware collecting systems including honeypots. Thus, the initial step for usual malwareanalysis involves unpacking binary samples. In this paper, we present a yet another methodof generic binary unpacking. A typical packed binary includes stub code that takes chargeof unrolling packed data at the early stage of program execution thereby realizing originalexecution context. Our approach is basically to measure code revelation/concealment based onbyte state model that reflects the behavior of such stub code. We also describe a proof-of-conceptimplementation based on Bochs x86 system emulator.
収録刊行物
-
- コンピュータセキュリティシンポジウム2009 (CSS2009) 論文集
-
コンピュータセキュリティシンポジウム2009 (CSS2009) 論文集 2009 1-6, 2011-10-12
- Tweet
キーワード
詳細情報 詳細情報について
-
- CRID
- 1050011097178093696
-
- NII論文ID
- 170000066035
-
- Web Site
- http://id.nii.ac.jp/1001/00074878/
-
- 本文言語コード
- en
-
- 資料種別
- conference paper
-
- データソース種別
-
- IRDB
- CiNii Articles