Pinicorn: Towards Automated Dynamic Analysis for Unpacking 32-Bit PE Malware
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Lee, Gwangyeol | - |
dc.contributor.author | Kim, Minho | - |
dc.contributor.author | Yi, Jeong Hyun | - |
dc.contributor.author | Cho, Haehyun | - |
dc.date.accessioned | 2024-07-01T06:30:40Z | - |
dc.date.available | 2024-07-01T06:30:40Z | - |
dc.date.issued | 2024-06 | - |
dc.identifier.issn | 2079-9292 | - |
dc.identifier.uri | https://scholarworks.bwise.kr/ssu/handle/2018.sw.ssu/49767 | - |
dc.description.abstract | Original Entry Point (OEP) and API obfuscation techniques greatly hinder the analysis of malware. Contemporary packers, employing these sophisticated obfuscation strategies, continue to pose unresolved challenges, despite extensive research efforts. Recent studies, like API-Xray, have mainly concentrated on rebuilding obfuscated import tables in malware, but research into OEP obfuscation is still limited. As a solution, we present Pinicorn, an automated dynamic de-obfuscation system designed to tackle these complexities. Pinicorn bypasses packers' anti-analysis techniques and retrieves the original program from memory. It is specifically designed to detect and analyze trampoline codes within both OEP and the import table. Our evaluation shows that Pinicorn successfully deobfuscates programs hidden by three different packers, confirming its effectiveness through a comparative analysis with their original versions. Furthermore, we conducted experiments on malware obfuscated by Themida and VMProtect, analyzing the obfuscation techniques and successfully de-obfuscating them to validate the effectiveness of our approach. | - |
dc.language | English | - |
dc.language.iso | ENG | - |
dc.publisher | MDPI | - |
dc.title | Pinicorn: Towards Automated Dynamic Analysis for Unpacking 32-Bit PE Malware | - |
dc.type | Article | - |
dc.identifier.doi | 10.3390/electronics13112081 | - |
dc.identifier.bibliographicCitation | ELECTRONICS, v.13, no.11 | - |
dc.identifier.wosid | 001245802600001 | - |
dc.identifier.scopusid | 2-s2.0-85195876267 | - |
dc.citation.number | 11 | - |
dc.citation.title | ELECTRONICS | - |
dc.citation.volume | 13 | - |
dc.identifier.url | https://www.mdpi.com/2079-9292/13/11/2081 | - |
dc.publisher.location | Switzerland | - |
dc.type.docType | Article | - |
dc.description.isOpenAccess | Y | - |
dc.subject.keywordAuthor | OEP obfuscation | - |
dc.subject.keywordAuthor | API obfuscation | - |
dc.subject.keywordAuthor | deobfuscation | - |
dc.subject.keywordAuthor | unpacking | - |
dc.subject.keywordAuthor | malware analysis | - |
dc.relation.journalResearchArea | Computer Science | - |
dc.relation.journalResearchArea | Engineering | - |
dc.relation.journalResearchArea | Physics | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems | - |
dc.relation.journalWebOfScienceCategory | Engineering, Electrical & Electronic | - |
dc.relation.journalWebOfScienceCategory | Physics, Applied | - |
dc.description.journalRegisteredClass | scie | - |
dc.description.journalRegisteredClass | scopus | - |