PolyPack: An Automated Online Packing Service for Optimal Antivirus Evasion
نویسندگان
چکیده
Packers have long been a valuable tool in the toolbox of offensive users for evading the detection capabilities of signature-based antivirus engines. However, selecting the packer that results in the most effective evasion of antivirus engines may not be a trivial task due to diversity in the capabilities of both antivirus and packers. In this paper, we propose the creation of an online automated service, called PolyPack, that uses an array of packers and antivirus engines as a feedback mechanism to select the packer that will result in the optimal evasion of the antivirus engines. Towards understanding the utility and efficacy of such a service, we construct an implementation of PolyPack which employs 10 packers and 10 popular antivirus engines. We show that PolyPack provides 258% more effective evasion of antivirus engines than using an average packer and out-evades the best evaluated packer (Themida) for over 40% of the binary samples.
منابع مشابه
Tax Evasion in Oil-Exporting Countries: The Case of Iran
N umerous studies have been conducted about the determinants of tax evasion. In all of these studies, this phenomenon has been taken into account in the framework of balanced budget and a non-oil economy. In this study the determinants are examined by extending an endogenous growth model and considering two cases for the government budget in an oil-exporting country along with its budget d...
متن کاملAVLeak: Fingerprinting Antivirus Emulators through Black-Box Testing
To fight the ever-increasing proliferation of novel malware, antivirus (AV) vendors have turned to emulationbased automated dynamic malware analysis. Malware authors have responded by creating malware that attempts to evade detection by behaving benignly while being running in an emulator. Malware may detect emulation by looking for emulator “fingerprints” such as unique environmental values, t...
متن کاملROPInjector: Using Return Oriented Programming for Polymorphism and Antivirus Evasion
The downside of current polymorphism techniques lies to the fact that they require a writeable code section, either marked as such in the corresponding Portable Executable (PE) section header, or by changing permissions during runtime. Both approaches are identified by AV software as alarming characteristics and/or behavior, since they are rarely found in benign PEs unless they are packed. In t...
متن کاملImage flip CAPTCHA
The massive and automated access to Web resources through robots has made it essential for Web service providers to make some conclusion about whether the "user" is a human or a robot. A Human Interaction Proof (HIP) like Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) offers a way to make such a distinction. CAPTCHA is a reverse Turing test used by Web serv...
متن کاملOptimal Online Algorithms for Multidimensional Packing Problems
We solve an open problem in the literature by providing an online algorithm for multidimensional bin packing that uses only bounded space. To achieve this, we introduce a new technique for classifying the items to be packed. We show that our algorithm is optimal among bounded space algorithms for any dimension d > 1. Its asymptotic performance ratio is (Π∞) , where Π∞ ≈ 1.691 is the asymptotic ...
متن کامل