A study of the packer problem and its solutions

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 5230 LNCS, Issue , 2008, Pages 98-115

  Guo, Fanglu ^a   Ferrie, Peter ^a   Chiueh, Tzi Cker ^a  

^a SYMANTEC RESEARCH LABS   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPREHENSIVE STUDIES; EXECUTION SEMANTICS; JUST IN TIMES; MALWARE; MALWARE DETECTIONS; PROBLEM BASED; PROCESS IMAGES; STACK POINTERS; SYMANTEC;

COMPUTER CRIME; DATA STORAGE EQUIPMENT; INFORMATION THEORY; INTRUSION DETECTION; PACKERS; SCANNING; SOLUTIONS;

PROBLEM SOLVING;

EID: 56549090955     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-540-87403-4_6     Document Type: Conference Paper

References (20)

1. Oberhumer, M.F., Molnár, L., Reiser, J.F.: UPX: the Ultimate Packer for eXecutables (2007), http://upx.sourceforge.net/
2. ASPACK SOFTWARE, ASPack for Windows, (2007), http://www.aspack.com/ aspack.html
3. bart, FSG: [F]ast [S]mall [G]ood exe packer, (2005), http://www.xtreeme. prv.pl/
4. Dwing, WinUpack 0.39final, (2006), http://dwing.51.net/
5. Oreans Technology, Themida: Advanced Windows Software Protection System, (2008), http://www.oreans.com/themida.php
6. Silicon Realms, Armadillo/SoftwarePassport (2008), http://www. siliconrealms.com/
7. Blinkinc, Shrinker 3.4, (2008). http://www.blinkinc.com/shrinker.htm
8. Ferrie, P.: Attacks on Virtual Machines. in: Proceedings 9th Annual AVAR International Conference (2006)
9. VMProtect, VMProtect (2008), http://www.vmprotect.ru/
10. Symantec Corporation (2008), http://www.syrnantec.com/
11. Lyda, R., Hamrock, J.: Using entropy analysis to find encrypted and packed malware. IEEE Security and Privacy 5(2), 40-45 (2007)
12. Prakash, C.: Design of X86 Emulator for Generic Unpacking. In: Proceedings of 10th Annual AVAR International Conference (2007)
13. Tan, X.: Anti-unpacker Tricks in Malicious Code. In: Proceedings of 10th Annual AVAR International Conference (2007)
14. Royal, P., Halpin, M., Dagon, D., Edmonds, R., Lee, W.: Polyunpack: Automating the hidden-code extraction of unpack-executing malware. In: ACSAC 2006: Proceedings of the 22nd Annual Computer Security Applications Conference on Annual Computer Security Applications Conference, pp. 289-300 (2006)
15. Kang, M.G., Poosankam, P., Yin, H.: Renovo: A hidden code extractor for packed executables. In: Proceedings of the 5th ACM Workshop on Recurring Malcode (WORM) (Oct. 2007)
16. Stewart, J.: OllyBonE v0.1, Brcak-on-Executc for OllyDbg (2006), http://www.joestewart.org/ollybone/
17. Quist, D., Valsmith,: Covert Debugging: Circumventing Software Armoring. In: Proceedings of Black Hat USA (2007)
18. Martignoni, L., Christodorescu, M., Jha, S.: OmniUnpack: Fast, Generic, and Safe Unpacking of Malware. In: 23rd Annual Computer Security Applications Conference (ACSAC) (2007)
19. Nanda, S., Li, W., chung Lam, L., cker Chiueh, T.: BIRD: Binary interpretation using Runtime Disassembly. In: Proceedings of the 4th IEEE/ACM Conference on Code Generation and Optimization (CGO 2006) (2006)
20. NX bit, http://en.wikipedia.org/wiki/NX_bit