Automated Static Unpacking Using Speculative Decompression

By root - Posted on 22 January 2012

Automated Static Unpacking Using Speculative Decompression is some work I did towards the end of 2009 during my Masters degree. It is a small contribution and not strong enough for a full-length conference paper. It does, however, present an interesting approach to automated unpacking.

Abstract - Malware is a significant problem on the internet. Automated and manual analysis of malware is important in detection and remediation. However, malware authors understand this process and try to hinder static analysis by introducing a malware transformation that hides their code and intent. This process is known as malware packing and must be reversed before an analyst or automated system can understand the intent of the malicious software. Automated unpacking attempts to solve this problem on a large scale and has been partly successful, but there is still much to be done. In this work we propose a system for automatically and statically unpacking some forms of packed code. We identify the compression algorithm used to pack the malware and then decompress the high entropy, compressed binary blob within the sample. This is effective for a small minority of malware samples in the wild.
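The two steps the abstract describes (locate the high-entropy blob, then speculatively run candidate decompressors against it) can be shown end to end in a few dozen lines. The following is an added illustration written for this page, not code from the paper or its author; it assumes zlib and gzip as the candidate compression formats (the paper does not say which algorithms it recognises) and builds its own constructed sample: a low-entropy "stub" followed by a compressed payload and trailing padding. The analyst-side value is in the validation step, which only reports a hit when the decompressor reaches a clean end-of-stream, so random high-entropy bytes that happen to pass a header check are rejected.

```python
"""Speculative static unpacking: find high-entropy regions in a blob, then try
known decompressors at candidate offsets until one yields a complete stream.
Added example for this page, not the paper's implementation."""
import gzip
import math
import random
import zlib
from collections import Counter

# Candidate formats are an assumption of this example (wbits selects the wrapper).
DECOMPRESSORS = {
    "zlib": 15,   # RFC 1950 wrapper around deflate
    "gzip": 31,   # RFC 1952 wrapper around deflate
}


def shannon_entropy(data: bytes) -> float:
    """Empirical entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def high_entropy_regions(blob: bytes, window: int = 512, threshold: float = 6.5):
    """Return merged (start, end) ranges whose fixed-size windows exceed the
    entropy threshold. Window granularity means the real start of a compressed
    stream may sit up to one window before `start`; the caller allows for that."""
    regions, start = [], None
    for off in range(0, len(blob), window):
        if shannon_entropy(blob[off:off + window]) >= threshold:
            if start is None:
                start = off
        elif start is not None:
            regions.append((start, off))
            start = None
    if start is not None:
        regions.append((start, len(blob)))
    return regions


def try_decompress(data: bytes, wbits: int, min_out: int = 64):
    """Attempt one format at one offset. A hit requires a clean end-of-stream
    (d.eof) and a non-trivial amount of output; otherwise it is a false start."""
    d = zlib.decompressobj(wbits)
    try:
        out = d.decompress(data)
    except zlib.error:
        return None
    if not d.eof or len(out) < min_out:
        return None
    consumed = len(data) - len(d.unused_data)  # bytes the stream actually used
    return out, consumed


def speculative_unpack(blob: bytes, window: int = 512, threshold: float = 6.5):
    """For each high-entropy region, slide over candidate offsets (starting one
    window early) and try every known format; record the first complete stream."""
    results = []
    for start, end in high_entropy_regions(blob, window, threshold):
        found = False
        for off in range(max(0, start - window), end):
            for name, wbits in DECOMPRESSORS.items():
                hit = try_decompress(blob[off:], wbits)
                if hit:
                    out, consumed = hit
                    results.append({"algorithm": name, "offset": off,
                                    "compressed_len": consumed, "data": out})
                    found = True
                    break
            if found:
                break
    return results


# --- constructed sample: deterministic pseudo-text so the compressed blob is
# several windows long and, like real packed code, close to 8 bits/byte ---
def make_payload() -> bytes:
    rng = random.Random(7)
    words = ["alpha", "bravo", "charlie", "delta", "echo", "foxtrot", "golf",
             "hotel", "india", "juliet", "kilo", "lima", "mike", "nov", "osc", "papa"]
    return b"MZ " + " ".join(rng.choice(words) for _ in range(3000)).encode()


STUB_LEN = 1200  # 1000 zero bytes + 50 repeats of the 4-byte "STUB" marker


def build_sample(method: str = "zlib"):
    """Low-entropy stub, then the packed payload, then zero padding."""
    payload = make_payload()
    packed = zlib.compress(payload, 9) if method == "zlib" else gzip.compress(payload)
    blob = b"\x00" * 1000 + b"STUB" * 50 + packed + b"\x00" * 500
    return blob, payload, len(packed)


if __name__ == "__main__":
    blob, payload, packed_len = build_sample("zlib")
    for r in speculative_unpack(blob):
        print(f"{r['algorithm']} stream at offset {r['offset']}, "
              f"{r['compressed_len']} -> {len(r['data'])} bytes, "
              f"recovered={r['data'] == payload}")
```

On a real sample the region scan would run over the file's section data and the recovered buffer would be handed to a PE parser; the entropy threshold and window size are tuning knobs, and the `d.eof` check is what keeps the speculative step from flooding the analyst with partial decodes of arbitrary high-entropy bytes.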