Packed PE File Detection for Malware Forensics

  • Han S
  • Lee S
Abstract

In malware incident investigation, the most important task is the detection of malicious code. Signature-based anti-virus software has been used in most incidents. Malware can easily evade signature-based detection by using packing or encryption, so packed-file detection is also important. Detection methods can be divided into signature-based detection and entropy-based detection. Signature-based detection cannot detect new packers, and entropy-based detection suffers from false positives. We provide a detection method that uses entropy statistics of the entry point section together with the 'write' property, an essential characteristic of packed files. We then present a packing detection tool and evaluate its performance.

Citation (APA)

Han, S.-W., & Lee, S.-J. (2009). Packed PE File Detection for Malware Forensics. The KIPS Transactions:PartC, 16C(5), 555–562. https://doi.org/10.3745/kipstc.2009.16c.5.555
