Design and Implementation of Malware Automatic Unpacking System in Anti-VM/Debugging Environment 


Vol. 43, No. 11, pp. 1929-1940, Nov. 2018
DOI: 10.7840/kics.2018.43.11.1929


  Abstract

Recently, as Internet usage has increased, the risk of exposure to malicious code has increased. Malware is equipped with analysis interruption/delay techniques that make analysis difficult even after the malware has been detected. The most common analysis interruption/delay techniques are packing, Anti-VM, and Anti-Debugging. In this paper, we design and implement an automatic malware unpacking system for malware analysis that operates in an environment where Anti-VM/Debugging is disabled. The proposed system consists of an initial analysis and a static/dynamic analysis. In the initial analysis phase, PE data is extracted to bypass Anti-VM/Debugging and to detect whether the sample is packed and which type of packer was used. Static analysis is performed with an unpacking tool when the sample is packed with a well-known packer, and entropy-based dynamic analysis is performed when it is packed with a custom packer. Next, based on the system design, we implement the PE analysis, the packing detection, the packer type detection, and the static analysis using a well-known algorithm-based unpacking tool. This study is an attempt to design and implement a system that automatically unpacks malicious code according to the packer type detected in the initial analysis, in an environment where Anti-VM/Debugging is disabled. It will be used as a resource to contribute to malware research.



  Cite this article

[IEEE Style]

S. Kim, H. Kim, M. Choi, "Design and Implementation of Malware Automatic Unpacking System in Anti-VM/Debugging Environment," The Journal of Korean Institute of Communications and Information Sciences, vol. 43, no. 11, pp. 1929-1940, 2018. DOI: 10.7840/kics.2018.43.11.1929.

[ACM Style]

Sun-Kyun Kim, Hajin Kim, and Mi-Jung Choi. 2018. Design and Implementation of Malware Automatic Unpacking System in Anti-VM/Debugging Environment. The Journal of Korean Institute of Communications and Information Sciences, 43, 11, (2018), 1929-1940. DOI: 10.7840/kics.2018.43.11.1929.

[KICS Style]

Sun-Kyun Kim, Hajin Kim, Mi-Jung Choi, "Design and Implementation of Malware Automatic Unpacking System in Anti-VM/Debugging Environment," The Journal of Korean Institute of Communications and Information Sciences, vol. 43, no. 11, pp. 1929-1940, 11. 2018. (https://doi.org/10.7840/kics.2018.43.11.1929)