A PE file bundling way based on OEP-CFH
Trojans are used to remotely control an infected host and then steal sensitive information from the target network. File bundling is a common way of implanting a Trojan: it hides the malicious functionality inside a legitimate program and so helps the Trojan avoid detection by anti-virus software. Understanding how file bundling works can therefore improve the detection accuracy for malicious programs and reduce the risk of their being implanted, making the network environment safer and more reliable. The Windows executable bundling methods commonly used at present, faking the icon and tampering with the program entry point, both fail to get past anti-virus software. This work presents a novel PE file bundling method, Override Entry Point-Control Flow Hijack (OEP-CFH), which offers fast binding, strong concealment and simple implementation. Experimental results show that the proposed OEP-CFH can bypass mainstream anti-virus products such as 360 and Kaspersky.
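The abstract names entry-point tampering as one of the existing bundling techniques, and OEP-CFH itself overrides the entry point, so the cheapest defensive counterpart is a static sanity check on the PE header field AddressOfEntryPoint. The Python below is an added example of such a check; it is not code from the paper and does not reproduce OEP-CFH, whose implementation the abstract does not describe. It builds three header-only PE32 images in memory (constructed samples, not real binaries) and flags an entry point that maps to no section, to a non-executable section, to the last section of the image, or to a section other than the first code section. The flag values are the standard PE/COFF section characteristics; the section names and RVAs are made up for the sample.

```python
import struct

# Section characteristic flags from the PE/COFF specification
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
PE32_MAGIC = 0x10B
CODE = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
DATA = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE


def build_pe(entry_rva, sections):
    """Build a header-only PE32 image (constructed sample, not a real binary).
    sections: list of (name, virtual address, virtual size, characteristics)."""
    e_lfanew = 0x40  # PE signature directly follows the 64-byte DOS header
    dos = b'MZ' + b'\0' * (0x3C - 2) + struct.pack('<I', e_lfanew)
    opt_size = 224  # PE32 optional header including the 16 data directories
    coff = struct.pack('<HHIIIHH', 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    # Magic, linker version, SizeOfCode, SizeOfInitializedData,
    # SizeOfUninitializedData, AddressOfEntryPoint (at offset 16); rest zeroed
    opt = struct.pack('<HBBIIII', PE32_MAGIC, 14, 0, 0, 0, 0, entry_rva)
    opt += b'\0' * (opt_size - len(opt))
    table = b''
    for name, vaddr, vsize, chars in sections:
        table += struct.pack('<8sIIIIIIHHI', name.ljust(8, b'\0'),
                             vsize, vaddr, vsize, 0, 0, 0, 0, 0, chars)
    return dos + b'PE\0\0' + coff + opt + table


def parse_pe(data):
    """Return (AddressOfEntryPoint, [section dicts]) from a PE image."""
    if data[:2] != b'MZ':
        raise ValueError('missing MZ signature')
    e_lfanew = struct.unpack_from('<I', data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b'PE\0\0':
        raise ValueError('missing PE signature')
    coff_off = e_lfanew + 4
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from('<HHIIIHH', data, coff_off)
    opt_off = coff_off + 20
    # AddressOfEntryPoint sits at offset 16 of the optional header for PE32 and PE32+
    entry_rva = struct.unpack_from('<I', data, opt_off + 16)[0]
    sec_off = opt_off + opt_size
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rawsize, _, _, _, _, _, chars = struct.unpack_from(
            '<8sIIIIIIHHI', data, sec_off + 40 * i)
        sections.append({'name': name.rstrip(b'\0').decode('ascii', 'replace'),
                         'vaddr': vaddr, 'size': max(vsize, rawsize), 'chars': chars})
    return entry_rva, sections


def check_entry_point(data):
    """Heuristic triage of where the entry point lands. Returns (rva, findings)."""
    entry_rva, sections = parse_pe(data)
    findings = []
    home = next((i for i, s in enumerate(sections)
                 if s['vaddr'] <= entry_rva < s['vaddr'] + s['size']), None)
    if home is None:
        return entry_rva, ['entry point maps to no section']
    s = sections[home]
    if not s['chars'] & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE):
        findings.append(f"entry point in non-executable section {s['name']}")
    if len(sections) > 1 and home == len(sections) - 1:
        findings.append(f"entry point in last section {s['name']} (appended code?)")
    first_code = next((i for i, t in enumerate(sections) if t['chars'] & IMAGE_SCN_CNT_CODE), None)
    if first_code is not None and home != first_code:
        findings.append(f"entry point outside first code section {sections[first_code]['name']}")
    return entry_rva, findings


# Constructed samples: a normal layout, an entry point redirected into an
# appended section, and an entry point pointing into the data section.
NORMAL_SECTIONS = [(b'.text', 0x1000, 0x2000, CODE), (b'.data', 0x3000, 0x1000, DATA)]
CLEAN = build_pe(0x1040, NORMAL_SECTIONS)
BUNDLED = build_pe(0x4000, NORMAL_SECTIONS + [(b'.bind', 0x4000, 0x1000, CODE)])
ENTRY_IN_DATA = build_pe(0x3010, NORMAL_SECTIONS)

if __name__ == '__main__':
    for label, image in (('clean', CLEAN), ('bundled', BUNDLED), ('entry in .data', ENTRY_IN_DATA)):
        rva, findings = check_entry_point(image)
        print(f'{label}: entry RVA 0x{rva:x}, findings: {findings or "none"}')
```

These checks are a triage signal, not a verdict: packers and some toolchains also put the entry point in a late or oddly named section, and the abstract reports that OEP-CFH gets past 360 and Kaspersky, so a bundler that writes its stub into the existing code section and only redirects control flow within it will not be caught by header inspection alone.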