• DocumentCode
    567176
  • Title

    The study of evasion of packed PE from static detection

  • Author

    Baig, Mirza ; Zavarsky, Pavol ; Ruhl, Ron ; Lindskog, Dale

  • Author_Institution
    Inf. Syst. Security Manage., Concordia Univ. Coll. of Alberta, Edmonton, AB, Canada
  • fYear
    2012
  • fDate
    10-12 June 2012
  • Firstpage
    99
  • Lastpage
    104
  • Abstract
    Static detection of packed portable executables (PEs) relies primarily on structural properties of the packed PE, and also on anomalies in the packed PE caused by packing tools. This paper outlines weaknesses in this method of detection. We show that these structural properties and anomalies are contingent features of the executable, and can be more or less easily modified to evade static detection.
  • Keywords
    invasive software; malware; packed portable executable; packing tool; static detection; structural property; Entropy; IEEE Xplore; Internet; Malware; Permission; Standards; entropy; import address table; obfuscation; static detection;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Internet Security (WorldCIS), 2012 World Congress on
  • Conference_Location
    Guelph, ON
  • Print_ISBN
    978-1-4673-1108-3
  • Type

    conf

  • Filename
    6280206