Reverse Engineering Self-Modifying Code: Unpacker Extraction

Debray, Saumya; Patel, Jay S.

doi:10.1109/wcre.2010.22

Cited by 22 publications

(15 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…First, Debray et al [13], [29] proposed a formalization of the semantics of self-unpacking code, and modeled the concept of execution phases. In their model, a phase involves all the executed instructions written by any of the previous phases.…”

Section: Related Workmentioning

confidence: 99%

SoK: Deep Packer Inspection: A Longitudinal Study of the Complexity of Run-Time Packers

Ugarte-Pedrero

Balzarotti

Santos

et al. 2015

2015 IEEE Symposium on Security and Privacy

101

View full text Add to dashboard Cite

Abstract-Run-time packers are often used by malware-writers to obfuscate their code and hinder static analysis. The packer problem has been widely studied, and several solutions have been proposed in order to generically unpack protected binaries. Nevertheless, these solutions commonly rely on a number of assumptions that may not necessarily reflect the reality of the packers used in the wild. Moreover, previous solutions fail to provide useful information about the structure of the packer or its complexity. In this paper, we describe a framework for packer analysis and we propose a taxonomy to measure the runtime complexity of packers.We evaluated our dynamic analysis system on two datasets, composed of both off-the-shelf packers and custom packed binaries. Based on the results of our experiments, we present several statistics about the packers complexity and their evolution over time.

show abstract

Section: Related Workmentioning

confidence: 99%

SoK: Deep Packer Inspection: A Longitudinal Study of the Complexity of Run-Time Packers

Ugarte-Pedrero

Balzarotti

Santos

et al. 2015

2015 IEEE Symposium on Security and Privacy

101

View full text Add to dashboard Cite

show abstract

“…An alternative static approach is to extract the portion of the bootstrap code that does the unpacking and use it to create an unpacker tool. A research prototype by Coogan et al makes strides towards automating this process, and Debray and Patel built an improved prototype that incorporates dynamic analysis to help better identify and extract the code that does the unpacking [Coogan et al 2009;Debray and Patel 2010]. Though promising, this approach has not yet been shown to work on a broad sample of real-world malware.…”

Section: Binary Code Extractionmentioning

confidence: 99%

Binary-code obfuscations in prevalent packer tools

Roundy

Miller²

2013

ACM Comput. Surv.

View full text Add to dashboard Cite

The first steps in analyzing defensive malware are understanding what obfuscations are present in realworld malware binaries, how these obfuscations hinder analysis, and how they can be overcome. While some obfuscations have been reported independently, this survey consolidates the discussion while adding substantial depth and breadth to it. This survey also quantifies the relative prevalence of these obfuscations by using the Dyninst binary analysis and instrumentation tool that was recently extended for defensive malware analysis. The goal of this survey is to encourage analysts to focus on resolving the obfuscations that are most prevalent in real-world malware.

show abstract

“…Hence, the usage of software applications has become one of the corner stone of our lives. Obviously, all these applications rely on the correct functioning of software and hardware components [6]. According to Howard and LeBlanc [13], in the 1980s, application security was achieved through secure hardware, such as ATM terminals or set-top boxes.…”

Section: Introductionmentioning

confidence: 99%

“…As a result, threats such as piracy, reverse engineering, and tampering have emerged. These threats are exacerbated by poorly protected software [5][6][7]. Therefore, it is important to have a thorough threat analysis as well as software protection schemes.…”

Section: Introductionmentioning

confidence: 99%