Title :
RePEF — A system for Restoring Packed Executable File for malware analysis
Author :
Wei, Te-en ; Chen, Zhi-wei ; Tien, Chin-wei ; Wu, Jain-shing ; Lee, Hahn-Ming ; Jeng, Albert B.
Author_Institution :
Dept. of Comput. Sci. & Inf. Eng., Nat. Taiwan Univ. of Sci. & Technol., Taipei, Taiwan
Abstract :
Malware analysis technologies are important and essential for extracting the behavior of malicious programs. However, in order to avoid detection and analysis, malware creators usually deploy packing techniques to achieve their goals. This kind of packing technique hides the import table of the program file, so that analysts can neither understand the assembly code nor learn the structure of the PE file. Recently, the Institute for Information Industry (III) developed the CSS technique, which can be used to unpack a PE file from memory. Subsequently, we proposed a reconstructive method based on CSS to rebuild the dumped file so that it can then be executed correctly. The combination of CSS and the reconstructive method is named Restoring Packed Executable File (RePEF), which can be used to automatically reverse a packed PE file (UPX and ASPack) regardless of whether it runs on the Windows or Linux platform. RePEF can also improve and ensure the success rate of malware detection and dynamic analysis.
Keywords :
Linux; file organisation; invasive software; ASPack; CSS technique; Institute for Information Industry; Linux platform; RePEF; UPX; Windows; dumped file; malicious program; malware analysis; malware detection; packed executable file restoration; reconstructive method; Arrays; Cascading style sheets; Cybernetics; Image reconstruction; Machine learning; Malware; Monitoring; ASPack; Dynamic Analysis; Portable Executable file; Reverse Engineering; UPX;
Conference_Title :
Machine Learning and Cybernetics (ICMLC), 2011 International Conference on
Conference_Location :
Guilin
Print_ISBN :
978-1-4577-0305-8
DOI :
10.1109/ICMLC.2011.6016777