THE SIXTH INTERNATIONAL CONFERENCE ON FORENSIC COMPUTER SCIENCE

Print ISBN 978-85-65069-07-6 - Online ISBN 978-85-65069-05-2, pp 173-181
DOI: 10.5769/C2011020 and http://dx.doi.org/10.5769/C2011020


BinStat - A Tool for Recognizing Packed Executables


By Kil Jin Brandini Park, Rodrigo Ruiz, and Antônio Montes




ABSTRACT

The quantity of malicious artifacts (malware) generated by the combination of unique attack goals, unique targets and the various tools available to developers demands automation of the prospecting and analysis of these artifacts. Since packing is one of the problems faced by experts who analyze executable code, this paper presents a method for detecting packing by applying statistical and information theory metrics. The tool developed in this study, called BinStat, achieved a high recognition rate for the packing status of the executables in the test samples, proving its effectiveness.


KEYWORDS

Packing, Packed Executables, Malware Analysis
