BinStat Tool for Recognition of Packed Executables
The quantity of malicious artifacts (malware) generated by the combination of unique attack goals, unique targets and the various tools available to developers demands the automation of prospecting and analysis of said artifacts. Because packing is one of the problems that experts face when analyzing executable code, this paper presents a method of packing detection through the application of statistical and information theory metrics. The tool developed in this study, called BinStat, achieved a high recognition rate of executable packing status within the test samples, proving its effectiveness.
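The abstract does not say which metrics BinStat computes. The sketch below is an added example, not BinStat's code: it assumes Shannon byte entropy (an information theory metric) and a chi-square distance from a uniform byte histogram (a statistical metric), with a block size, cut-off values and sample buffers that are all constructed for illustration.

```python
import math
import random
import zlib
from collections import Counter

BLOCK = 1024          # block size in bytes (assumed)
HIGH_ENTROPY = 7.0    # bits/byte cut-off (assumed, not BinStat's)

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte (0.0-8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def chi_square_uniform(data: bytes) -> float:
    """Chi-square distance of the byte histogram from a uniform one."""
    if not data:
        return 0.0
    counts, expected = Counter(data), len(data) / 256
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))

def features(data: bytes) -> dict:
    """Whole-buffer and per-block metrics for one section or file."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)] or [b""]
    high = sum(shannon_entropy(b) > HIGH_ENTROPY for b in blocks)
    return {
        "entropy": shannon_entropy(data),
        "high_block_ratio": high / len(blocks),
        "chi_square": chi_square_uniform(data),
    }

def looks_packed(data: bytes) -> bool:
    """Flag buffers that are near-uniform overall and in most blocks."""
    f = features(data)
    return f["entropy"] > HIGH_ENTROPY and f["high_block_ratio"] > 0.5

# Constructed samples: an x86-64 prologue with zero padding stands in for
# ordinary code; a zlib stream stands in for a compressed (packed) section.
PLAIN = (bytes.fromhex("554889e54883ec20") + b"\x00" * 8) * 512
_rng = random.Random(7)
_words = [b"mov ", b"push ", b"call ", b"lea ", b"xor ", b"ret ", b"jmp ", b"cmp "]
PACKED_LIKE = zlib.compress(b"".join(_rng.choice(_words) for _ in range(60000)), 9)

if __name__ == "__main__":
    for name, buf in (("plain", PLAIN), ("packed-like", PACKED_LIKE)):
        print(name, features(buf), looks_packed(buf))
```

High entropy alone also matches legitimately compressed resources and encrypted data, so a triage pipeline would treat this verdict as one feature among several rather than a final classification.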