Mal-Flux: Rendering hidden code of packed binary executable

Charles Lim, Suryadi, Kalamullah Ramli, Yohanes Syailendra Kotualubun

Research output: Contribution to journalArticle

1 Citation (Scopus)

Abstract

A binary packer has commonly been used to protect the original code inside the binary executables from being detected as malicious code by anti-malware software. Various methods of unpacking packed binary executables have been extensively studied, and several unpacking approaches have been proposed. Some of these solutions depend on various assumptions, which may limit their effectiveness. Here, a new method of memory analysis technique, called Mal-Flux, is proposed to determine the end of unpacking routine to allow hidden code extraction from the packed binary executables. Our experiments show that our method provides better performance than previous works in extracting the hidden-code from the packed binary executables.

Original languageEnglish
Pages (from-to)83-95
Number of pages13
JournalDigital Investigation
Volume28
DOIs
Publication statusPublished - 1 Mar 2019

Keywords

  • Binary packer
  • Malicious code
  • Malware
  • Memory analysis

Fingerprint Dive into the research topics of 'Mal-Flux: Rendering hidden code of packed binary executable'. Together they form a unique fingerprint.

Cite this