• DocumentCode
    501367
  • Title

    Research and Implementation of Compression Shell Unpacking Technology for PE File

  • Author

    Lu, Li ; Qiuju, Liu ; Tingrong, Xu

  • Author_Institution
    Sch. of Comput. Sci. & Technol., Soochow Univ., Suzhou, China
  • Volume
    1
  • fYear
    2009
  • fDate
    15-17 May 2009
  • Firstpage
    438
  • Lastpage
    442
  • Abstract
    Packing portable executable (PE) files is an effective means to protect software, but malware authors can also use packing to conceal their malicious executable string data and code. These methods make detailed analysis difficult for virus analysts and software security researchers, who have to unpack the malware first. This paper illustrates the general unpacking methods and principles, using the Notepad program in Windows as an example. It first analyzes the PE file structure and the principle of packing, then expounds the steps of unpacking, and finally, from the compression shell's point of view, focuses on the principles and methods of unpacking technology.
  • Keywords
    data compression; file organisation; invasive software; PE file structure; compression shell unpacking technology; malware authors; notepad program; packing portable executable file; software protection; software security; virus analyst; Application software; Computer science; Cryptography; Data mining; Data security; Information technology; Protection; Space technology; Statistics; PE; Packing; Unpacking; shell;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Information Technology and Applications, 2009. IFITA '09. International Forum on
  • Conference_Location
    Chengdu
  • Print_ISBN
    978-0-7695-3600-2
  • Type

    conf

  • DOI
    10.1109/IFITA.2009.545
  • Filename
    5231651