Detailed Information
Cited 0 time in 
Cited 0 time in 
Cited 0 time in
Metadata Downloads
Pinicorn: Towards Automated Dynamic Analysis for Unpacking 32-Bit PE Malware
Full metadata record
| DC Field | Value | Language |
|---|---|---|
| dc.contributor.author | Lee, Gwangyeol | - |
| dc.contributor.author | Kim, Minho | - |
| dc.contributor.author | Yi, Jeong Hyun | - |
| dc.contributor.author | Cho, Haehyun | - |
| dc.date.accessioned | 2024-07-01T06:30:40Z | - |
| dc.date.available | 2024-07-01T06:30:40Z | - |
| dc.date.issued | 2024-06 | - |
| dc.identifier.issn | 2079-9292 | - |
| dc.identifier.issn | 2079-9292 | - |
| dc.identifier.uri | https://scholarworks.bwise.kr/ssu/handle/2018.sw.ssu/49767 | - |
| dc.description.abstract | Original Entry Point (OEP) and API obfuscation techniques greatly hinder the analysis of malware. Contemporary packers, employing these sophisticated obfuscation strategies, continue to pose unresolved challenges, despite extensive research efforts. Recent studies, like API-Xray, have mainly concentrated on rebuilding obfuscated import tables in malware, but research into OEP obfuscation is still limited. As a solution, we present Pinicorn, an automated dynamic de-obfuscation system designed to tackle these complexities. Pinicorn bypasses packers' anti-analysis techniques and retrieves the original program from memory. It is specifically designed to detect and analyze trampoline codes within both OEP and the import table. Our evaluation shows that Pinicorn successfully deobfuscates programs hidden by three different packers, confirming its effectiveness through a comparative analysis with their original versions. Furthermore, we conducted experiments on malware obfuscated by Themida and VMProtect, analyzing the obfuscation techniques and successfully de-obfuscating them to validate the effectiveness of our approach. | - |
| dc.language | 영어 | - |
| dc.language.iso | ENG | - |
| dc.publisher | MDPI | - |
| dc.title | Pinicorn: Towards Automated Dynamic Analysis for Unpacking 32-Bit PE Malware | - |
| dc.type | Article | - |
| dc.identifier.doi | 10.3390/electronics13112081 | - |
| dc.identifier.bibliographicCitation | ELECTRONICS, v.13, no.11 | - |
| dc.identifier.wosid | 001245802600001 | - |
| dc.identifier.scopusid | 2-s2.0-85195876267 | - |
| dc.citation.number | 11 | - |
| dc.citation.title | ELECTRONICS | - |
| dc.citation.volume | 13 | - |
| dc.identifier.url | https://www.mdpi.com/2079-9292/13/11/2081 | - |
| dc.publisher.location | 스위스 | - |
| dc.type.docType | Article | - |
| dc.description.isOpenAccess | Y | - |
| dc.subject.keywordAuthor | OEP obfuscation | - |
| dc.subject.keywordAuthor | API obfuscation | - |
| dc.subject.keywordAuthor | deobfuscation | - |
| dc.subject.keywordAuthor | unpacking | - |
| dc.subject.keywordAuthor | malware analysis | - |
| dc.relation.journalResearchArea | Computer Science | - |
| dc.relation.journalResearchArea | Engineering | - |
| dc.relation.journalResearchArea | Physics | - |
| dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems | - |
| dc.relation.journalWebOfScienceCategory | Engineering, Electrical & Electronic | - |
| dc.relation.journalWebOfScienceCategory | Physics, Applied | - |
| dc.description.journalRegisteredClass | scie | - |
| dc.description.journalRegisteredClass | scopus | - |
- Files in This Item
- Go to Link
- Appears in
Collections - College of Information Technology > School of Software > 1. Journal Articles
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.
Related Researcher
- CHO, HAEHYUN
- College of Information Technology (School of Software)