research-article

Revealing Packed Malware

Authors:

Wei Yan,

Zheng Zhang,

Nirwan AnsariAuthors Info & Claims

IEEE Security and Privacy, Volume 6, Issue 5

Pages 65 - 69

https://doi.org/10.1109/MSP.2008.126

Published: 01 September 2008 Publication History

Publisher Site

Abstract

In concert with the ever-growing network applications, a significant increase in the spread of malware over the Internet has been observed. In cases where malware are the zero-day threats, generating their signatures for detection via anti-virus (AV) scan engines becomes an important reactive security function. However, modern malware can easily bypass AV scanners using packers, which can hide malicious file contents from detection. This article describes how packers work, and the three most commonly used unpacking methods. The authors describe the logic flow and behavior of Upack, a popular packer, as an example of a software packer.

Cited By

View all

Cheng BLeal EZhang HMing JCalandrino JTroncoso C(2023)On the feasibility of malware unpacking via hardware-assisted loop profilingProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620656(7481-7498)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620656
Rattanavipanon NPonnoprat DOchiai HTantayakul KAngchuan TKamolphiwong S(2022)Detecting Anomalous LAN Activities under Differential PrivacySecurity and Communication Networks10.1155/2022/14032002022Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1155/2022/1403200
Muralidharan TCohen AGerson NNissim N(2022)File Packing from the Malware Perspective: Techniques, Analysis Approaches, and Directions for EnhancementsACM Computing Surveys10.1145/353081055:5(1-45)Online publication date: 3-Dec-2022
https://dl.acm.org/doi/10.1145/3530810
Show More Cited By

Index Terms

Revealing Packed Malware
1. Security and privacy
  1. Systems security
    1. Operating systems security
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

Detection of packed malware
SecurIT '12: Proceedings of the First International Conference on Security of Internet of Things

Packing is the most popular obfuscation technique used by malware writers' community in present scenario. The traditional signature-based anti-virus software had played a major role in malware detection, until the dawn of the trend of packed malware. ...
Testing malware detectors
ISSTA '04: Proceedings of the 2004 ACM SIGSOFT international symposium on Software testing and analysis

In today's interconnected world, malware, such as worms and viruses, can cause havoc. A malware detector (commonly known as virus scanner) attempts to identify malware. In spite of the importance of malware detectors, there is a dearth of testing ...
Testing malware detectors

In today's interconnected world, malware, such as worms and viruses, can cause havoc. A malware detector (commonly known as virus scanner) attempts to identify malware. In spite of the importance of malware detectors, there is a dearth of testing ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

IEEE Security and Privacy Volume 6, Issue 5

September 2008

82 pages

ISSN:1540-7993

Issue’s Table of Contents

Publisher

IEEE Educational Activities Department

United States

Publication History

Published: 01 September 2008

Author Tags

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

19
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 12 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Cheng BLeal EZhang HMing JCalandrino JTroncoso C(2023)On the feasibility of malware unpacking via hardware-assisted loop profilingProceedings of the 32nd USENIX Conference on Security Symposium10.5555/3620237.3620656(7481-7498)Online publication date: 9-Aug-2023
https://dl.acm.org/doi/10.5555/3620237.3620656
Rattanavipanon NPonnoprat DOchiai HTantayakul KAngchuan TKamolphiwong S(2022)Detecting Anomalous LAN Activities under Differential PrivacySecurity and Communication Networks10.1155/2022/14032002022Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1155/2022/1403200
Muralidharan TCohen AGerson NNissim N(2022)File Packing from the Malware Perspective: Techniques, Analysis Approaches, and Directions for EnhancementsACM Computing Surveys10.1145/353081055:5(1-45)Online publication date: 3-Dec-2022
https://dl.acm.org/doi/10.1145/3530810
Zhang XZhang ZDing RGongye CDing AFei YSavidis ISasan AThapliyal HDeMara R(2022)Ran$Net: An Anti-Ransomware Methodology based on Cache Monitoring and Deep LearningProceedings of the Great Lakes Symposium on VLSI 202210.1145/3526241.3530830(487-492)Online publication date: 6-Jun-2022
https://dl.acm.org/doi/10.1145/3526241.3530830
Bergenholtz ECasalicchio EIlie DMoss A(2020)Detection of Metamorphic Malware Packers Using Multilayered LSTM NetworksInformation and Communications Security10.1007/978-3-030-61078-4_3(36-53)Online publication date: 24-Aug-2020
https://dl.acm.org/doi/10.1007/978-3-030-61078-4_3
Choi MBang JKim JKim HMoon Y(2019)All-in-One Framework for Detection, Unpacking, and Verification for Malware AnalysisSecurity and Communication Networks10.1155/2019/52781372019Online publication date: 13-Oct-2019
https://dl.acm.org/doi/10.1155/2019/5278137
Cheng BMing JFu JPeng GChen TZhang XMarion JLie DMannan MBackes MWang X(2018)Towards Paving the Way for Large-Scale Windows Malware AnalysisProceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security10.1145/3243734.3243771(395-411)Online publication date: 15-Oct-2018
https://dl.acm.org/doi/10.1145/3243734.3243771
Carpent XEldefrawy KRattanavipanon NTsudik GKim JAhn GKim SKim YLopez JKim T(2018)Temporal Consistency of Integrity-Ensuring Computations and Applications to Embedded Systems SecurityProceedings of the 2018 on Asia Conference on Computer and Communications Security10.1145/3196494.3196526(313-327)Online publication date: 29-May-2018
https://dl.acm.org/doi/10.1145/3196494.3196526
Hai NOgawa MTho QMcDonald JPreda MStakhanova N(2017)Packer identification based on metadata signatureProceedings of the 7th Software Security, Protection, and Reverse Engineering / Software Security and Protection Workshop10.1145/3151137.3160687(1-11)Online publication date: 5-Dec-2017
https://dl.acm.org/doi/10.1145/3151137.3160687
Bulazel AYener B(2017)A Survey On Automated Dynamic Malware Analysis Evasion and Counter-EvasionProceedings of the 1st Reversing and Offensive-oriented Trends Symposium10.1145/3150376.3150378(1-21)Online publication date: 16-Nov-2017
https://dl.acm.org/doi/10.1145/3150376.3150378
Show More Cited By

Abstract

Cited By

Index Terms

Recommendations

Detection of packed malware

Testing malware detectors

Testing malware detectors

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations