
RESEARCH PRODUCT

Detecting Packed PE Files: Executable file analysis for the Windows operating system

Kristoffer Renstrøm Olsen

subject

VDP::Mathematics and natural science: 400::Information and communication science: 420::Security and vulnerability: 424

IKT523

description

Master's thesis in Cyber security (IKT523)

Malware authors invent new methods regularly to hide and obfuscate their code. One of these methods is known as packing. An entire program is hidden inside another executable program; however, the hidden program is usually encrypted or obfuscated such that antivirus software cannot detect its real intent without unpacking it. This thesis will look into common PE packers and describe the development of an application used to detect packed PE binaries using static analysis. This thesis is useful for reverse engineers and antivirus developers; it will give some insight into the world of packing binaries, compression methods, and encryption methods. The thesis will also gather some statistics around packed PE binaries, using a prototype to analyze 225K viruses.

https://hdl.handle.net/11250/2823655