A Study of the Packer Problem and Its Solutions
Authors
Abstract
An increasing percentage of malware programs distributed in the wild are packed by packers, which are programs that transform an input binary's appearance without affecting its execution semantics, to create new malware variants that can evade signature-based malware detection tools. This paper reports the results of a comprehensive study of the extent of the packer problem, based on data collected at Symantec, and of the effectiveness of existing solutions to this problem. The paper then presents a generic unpacking solution called Justin (Just-In-Time AV scanning), which is designed to detect the end of unpacking during a packed binary's run and to invoke AV scanning against the process image at that moment. For accurate end-of-unpacking detection, Justin incorporates the following heuristics: Dirty Page Execution, Unpacker Memory Avoidance, Stack Pointer Check and Command-Line Argument Access. Empirical testing shows that, when compared with SymPack, which contains a set of manually created unpackers for a collection of selected packers, Justin's effectiveness is comparable to SymPack's for binaries packed by those supported packers, and is much better than SymPack's for binaries packed by packers that SymPack does not support.
1 The Packer Problem
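The abstract names the heuristics but does not show how they combine. The following is an added illustration, not code from the Justin paper or from Symantec: a toy model that replays a constructed trace of memory write, instruction fetch and stack-pointer events at page granularity, and reports the first instruction fetch that satisfies the Dirty Page Execution heuristic (executing a page the process itself wrote earlier), optionally gated by the Stack Pointer Check (ESP back at the value recorded at the packed binary's entry point). The trace, the addresses, the page size and the class names are assumptions for the example; the Unpacker Memory Avoidance and Command-Line Argument Access heuristics are not modelled.

```python
"""Toy model of two Justin-style end-of-unpacking heuristics.

Added illustration, not the paper's implementation. A real monitor would
collect these events from page-protection faults or a debugger; here the
trace is constructed inline so the example runs offline.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

PAGE_SHIFT = 12  # assume 4 KiB pages, as on 32-bit x86 Windows


def page_of(addr: int) -> int:
    """Map a virtual address to its page number."""
    return addr >> PAGE_SHIFT


@dataclass
class Event:
    kind: str      # "write" (memory store) or "exec" (instruction fetch)
    addr: int      # address written or executed
    sp: int = 0    # stack pointer at the time of an "exec" event


@dataclass
class UnpackDetector:
    entry_sp: int                 # ESP sampled at the original entry point
    use_sp_check: bool = True     # gate Dirty Page Execution with Stack Pointer Check
    dirty: Set[int] = field(default_factory=set)            # pages written since start
    dirty_execs: List[Tuple[int, int]] = field(default_factory=list)  # (addr, sp) seen

    def observe(self, ev: Event) -> Optional[int]:
        """Feed one event; return the address at which AV scanning should be
        triggered, or None if unpacking is not yet considered finished."""
        if ev.kind == "write":
            # Dirty Page Execution: remember every page the process writes.
            self.dirty.add(page_of(ev.addr))
            return None
        if ev.kind == "exec" and page_of(ev.addr) in self.dirty:
            # Control reached code the process generated at run time.
            self.dirty_execs.append((ev.addr, ev.sp))
            # Stack Pointer Check: an unpacker stub that has finished usually
            # restores ESP to its entry value before jumping to the OEP;
            # executions of dirty pages deep inside the stub do not pass this.
            if not self.use_sp_check or ev.sp == self.entry_sp:
                return ev.addr
        return None


def find_end_of_unpacking(trace: List[Event], entry_sp: int,
                          use_sp_check: bool = True) -> Optional[int]:
    """Run the detector over a trace; return the first trigger address."""
    det = UnpackDetector(entry_sp=entry_sp, use_sp_check=use_sp_check)
    for ev in trace:
        hit = det.observe(ev)
        if hit is not None:
            return hit
    return None


# Constructed trace (assumed addresses): a stub at 0x401000 stores a value
# into its own page (common for packer stubs), keeps running there with a
# lowered ESP, writes decompressed code to 0x410000-0x411fff, restores ESP
# and jumps to the original entry point at 0x410000.
ENTRY_SP = 0x0012FF8C
SAMPLE_TRACE = [
    Event("exec", 0x401000, sp=ENTRY_SP),
    Event("write", 0x401200),                 # stub writes into its own page
    Event("exec", 0x401010, sp=ENTRY_SP - 12),  # dirty page, but ESP not restored
    Event("write", 0x410000),
    Event("write", 0x410800),
    Event("write", 0x411000),
    Event("exec", 0x401020, sp=ENTRY_SP - 12),
    Event("exec", 0x410000, sp=ENTRY_SP),     # OEP: dirty page, ESP restored
]

if __name__ == "__main__":
    print(hex(find_end_of_unpacking(SAMPLE_TRACE, ENTRY_SP)))               # 0x410000
    print(hex(find_end_of_unpacking(SAMPLE_TRACE, ENTRY_SP, use_sp_check=False)))  # 0x401010
```

With the Stack Pointer Check enabled the trigger lands on the jump to the original entry point; with it disabled, the self-write inside the stub page causes a premature trigger at 0x401010, which is the kind of false positive the combined heuristics are meant to suppress.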