Architecture of Malware Detector for Obfuscated Code Inspection

Signature-based malware detection is a very fundamental technique that detects malware by generating signatures. The detection however, is unable to detect obfuscated malware unless pre-generated signature is stored in the database. In this paper, we propose a combination of known packer detection, unpacking module, and heuristic scanning techniques to find and block a malicious program before it manages to be executed locally. Unpacking is the process of stripping packer layers and restoring the original contents. This module contains self-decryption script bodies that are devised to detect and extract the hidden-code bodies of obfuscated malware. Hence, the scanning process only deals with real malware body but not junk block or junk subroutine code. This paper also draws up the implementation and the evaluation of our virus scanning mechanisms. Finally, we present experimental results of our proposed techniques and the results show that our test set is highly accurate.