Kotualubun, Yohanes Syailendra and Mahendra, Adhiguna and Lim, Charles (2017) Hidden-Code Extraction From Packed Malware Using Memory Based Dynamic Analysis. Masters thesis, Swiss German University.
| File | Size | Access |
|---|---|---|
| Yohanes Kotualubun 22013211 TOC.pdf | 249kB | Download / Preview |
| Yohanes Kotualubun 22013211 1.pdf | 378kB | Restricted to Registered users only |
| Yohanes Kotualubun 22013211 2.pdf | 1MB | Restricted to Registered users only |
| Yohanes Kotualubun 22013211 3.pdf | 587kB | Restricted to Registered users only |
| Yohanes Kotualubun 22013211 4.pdf | 561kB | Restricted to Registered users only |
| Yohanes Kotualubun 22013211 5.pdf | 184kB | Restricted to Registered users only |
| Yohanes Kotualubun 22013211 Ref.pdf | 269kB | Download / Preview |
Abstract
Software packers have been used effectively to hide the original code inside the binary executable of malware, making it more difficult for existing signature-based antivirus software to detect malicious code inside the executable. In this thesis, we propose Mal-Xtract, a method to detect the end of the unpacking routine and extract the original code from a packed binary executable using memory analysis running in a software-emulated environment. The extracted code is validated using similarity and entropy calculations that compare the extracted body with the original body. Our experimental results show that at least 97% of the original code from various executables packed with different software packers could be extracted.
| Item Type: | Thesis (Masters) |
|---|---|
| Uncontrolled Keywords: | Packed Malware; Memory Forensic; Dynamic Analysis; Evasion technique; Emulation. |
| Subjects: | Q Science > QA Mathematics > QA76 Computer software |
| Divisions: | Faculty of Engineering and Information Technology > Department of Information Technology |
| Depositing User: | Astuti Kusumaningrum |
| Date Deposited: | 13 May 2020 14:46 |
| Last Modified: | 13 May 2020 14:46 |
| URI: | http://repository.sgu.ac.id/id/eprint/341 |