Malware authors often use binary packers to hinder reverse engineering of the malicious code by malware analysts. Many studies have proposed different approaches to unpacking a packed binary executable. Our previous work successfully relied on the size of the written memory section as an indicator for extracting hidden code during the unpacking process. This paper enhances that work by locating executed instructions within the written memory section, which provides a more precise memory location for extracting hidden code from the packed binary executable. Our experiments show higher similarity results for all packers and benign applications compared to our previous work.
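To illustrate the difference between the two indicators described above, here is an added example (not code from the paper) that simulates both heuristics over a constructed trace of memory writes and instruction fetches; the section table, trace format and addresses are assumptions standing in for what a debugger or instrumentation hook would record.

```python
from typing import List, Tuple

Range = Tuple[int, int]  # half-open (start, end) address range

# Constructed section table (hypothetical): the packer stub runs in .text and
# unpacks the real code into .data.
SECTIONS = {".text": (0x401000, 0x402000), ".data": (0x402000, 0x403000)}

# Constructed trace: ("w", addr, size) is a memory write seen by the tracer,
# ("x", addr) is an instruction fetch. A real unpacker would obtain these events
# from a debugger or dynamic binary instrumentation hook.
TRACE = [
    ("x", 0x401000), ("x", 0x401007),                    # stub executing in .text
    ("w", 0x402000, 0x100), ("w", 0x402100, 0x100),      # stub writes decoded code
    ("w", 0x402800, 0x20),                               # stub writes a data table
    ("x", 0x402010), ("x", 0x402050), ("x", 0x402120),   # control transfers into written code
]

def section_of(addr: int):
    """Name of the section containing addr, or None if unmapped."""
    for name, (lo, hi) in SECTIONS.items():
        if lo <= addr < hi:
            return name
    return None

def merge(ranges: List[Range]) -> List[Range]:
    """Coalesce overlapping or adjacent half-open ranges."""
    out: List[Range] = []
    for lo, hi in sorted(ranges):
        if out and lo <= out[-1][1]:
            out[-1] = (out[-1][0], max(out[-1][1], hi))
        else:
            out.append((lo, hi))
    return out

def dump_by_written_section(trace) -> List[Range]:
    """Earlier indicator: dump every section that received any write, in full."""
    names = {section_of(ev[1]) for ev in trace if ev[0] == "w"}
    return sorted(SECTIONS[n] for n in names if n)

def dump_by_written_and_executed(trace) -> List[Range]:
    """Enhanced indicator: keep only written ranges from which code was later fetched."""
    written: List[Range] = []
    executed: List[int] = []
    for ev in trace:
        if ev[0] == "w":
            written.append((ev[1], ev[1] + ev[2]))
        elif any(lo <= ev[1] < hi for lo, hi in written):
            executed.append(ev[1])  # fetch from memory this process wrote earlier
    return [r for r in merge(written) if any(r[0] <= a < r[1] for a in executed)]
```

On the constructed trace the first heuristic dumps the whole 4 KiB .data section, while the second narrows the dump to the 0x200 bytes of written memory that were actually executed and skips the written-but-never-executed data table.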
Journal: IOP Conference Series: Materials Science and Engineering
Publication status: Published - 29 Nov 2018
Event: 1st International Conference on Design, Engineering and Computer Sciences 2018, ICDECS 2018 - Jakarta, Indonesia
Duration: 9 Aug 2018 → …