SPADE: Signature based PAcker DEtection

Malware is a powerful tool for compromising the confidential data held on a personal computer. Code packing lets malware authors create new variants of existing malware cheaply, which defeats signature-based malware detection. Packing tools also hinder reverse engineering, so it is difficult for security researchers to analyse new or unknown malware. Dynamic unpackers require dedicated hardware and software to analyse samples and are computationally expensive. A fast method is therefore needed to identify the packer used to create a packed executable. Every packer uses its own unpacking algorithm to restore the payload in memory, so if a priori information about the packer is available, unpacking becomes much easier. In this paper, we propose a novel technique for generating the signature of packed malware in order to identify the packer used to obfuscate the binary.
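The following is an added illustration of the basic idea behind signature-based packer identification, written for this page and not taken from the paper: the packer's unpacking stub sits at the executable's entry point, so the bytes found there can be matched against a per-packer byte pattern with wildcards. It is not SPADE's own signature-generation method, which the abstract does not detail. The signature table, the sample PE image and the helper names (`build_sample_pe`, `identify_packer`) are all constructed for this example; the UPX-style pattern is the familiar `pushad / mov esi / lea edi` prologue, the second pattern is purely hypothetical.

```python
"""Entry-point byte-signature packer identification (illustrative example)."""
import struct
from typing import Dict, List, Optional

# PEiD-style signatures: hex bytes, "??" = wildcard. Constructed for this
# example. "UPX-like" is the well-known pushad/mov esi/lea edi stub prologue;
# "GetPC-stub" (call $+5 / pop ebp / sub ebp, imm32) is a hypothetical entry.
PACKER_SIGNATURES: Dict[str, str] = {
    "UPX-like":   "60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57 83 CD FF EB 10",
    "GetPC-stub": "E8 00 00 00 00 5D 81 ED ?? ?? ?? ??",
}

# Constructed entry stubs used to exercise the matcher.
UPX_LIKE_STUB = bytes.fromhex("60BE009040008DBE0080FFFF5783CDFFEB10")
PLAIN_STUB = bytes.fromhex("558BEC83EC10")  # push ebp; mov ebp,esp; sub esp,0x10


def parse_signature(sig: str) -> List[Optional[int]]:
    """'60 BE ?? ..' -> [0x60, 0xBE, None, ..]; None is a wildcard byte."""
    return [None if tok == "??" else int(tok, 16) for tok in sig.split()]


def match_at(data: bytes, offset: int, pattern: List[Optional[int]]) -> bool:
    """True if every non-wildcard byte of pattern equals data[offset+i]."""
    if offset < 0 or offset + len(pattern) > len(data):
        return False
    return all(p is None or data[offset + i] == p for i, p in enumerate(pattern))


def entry_point_file_offset(pe: bytes) -> Optional[int]:
    """Walk DOS -> PE -> optional header -> section table and map the
    AddressOfEntryPoint RVA to a raw file offset. Returns None for anything
    that is not a well-formed PE32 or whose entry point has no bytes on disk."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if e_lfanew + 24 > len(pe) or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    size_opt = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", pe, opt + 16)[0]  # AddressOfEntryPoint
    sec_table = opt + size_opt
    for i in range(num_sections):
        hdr = sec_table + 40 * i
        if hdr + 40 > len(pe):
            return None
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", pe, hdr + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            delta = entry_rva - vaddr
            # Entry point in the virtual-only tail (no bytes on disk): a
            # packer trick that leaves a static signature scan nothing to read.
            return None if delta >= rawsize else rawptr + delta
    return None


def identify_packer(pe: bytes) -> Optional[str]:
    """Return the first packer whose signature matches at the entry point."""
    ep = entry_point_file_offset(pe)
    if ep is None:
        return None
    for name, sig in PACKER_SIGNATURES.items():
        if match_at(pe, ep, parse_signature(sig)):
            return name
    return None


def build_sample_pe(entry_stub: bytes) -> bytes:
    """Construct a minimal single-section PE32 image (not a real binary)
    whose entry point lands on entry_stub, 0x10 bytes into the section."""
    section_rva, raw_ptr, raw_size, stub_off, opt_size = 0x1000, 0x400, 0x200, 0x10, 224
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<I", opt, 16, section_rva + stub_off)     # AddressOfEntryPoint
    sec = struct.pack("<8sIIIIIIHHI", b".text", raw_size, section_rva,
                      raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec
    body = bytearray(raw_size)
    body[stub_off:stub_off + len(entry_stub)] = entry_stub
    return headers.ljust(raw_ptr, b"\0") + bytes(body)


if __name__ == "__main__":
    print("packed sample  :", identify_packer(build_sample_pe(UPX_LIKE_STUB)))
    print("plain sample   :", identify_packer(build_sample_pe(PLAIN_STUB)))
```

The matcher shows both the strength and the weakness the abstract alludes to: it is fast and needs no execution, but it only recognises stubs for which a hand-written signature exists, and a packer author can break it by re-ordering or patching a few bytes of the stub or by placing the entry point in a section with no raw data. That brittleness is what makes automatic signature generation from packed samples, the problem the paper addresses, worth having.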
