
Research on Automatic Unpacking Techniques for Malicious Code

彭小详, 户振江, 龚涛, 舒辉

Research of Malicious Code in Automatic Unpacking

PENG Xiao-xiang, HU Zhen-jiang, GONG Tao, SHU Hui

  • About author: College of Cyberspace Security, PLA Information Engineering University, Zhengzhou, Henan, 450000

Abstract: Malicious programs commonly use advanced software protection techniques to evade detection and removal by security tools, and complex program packing is a typical example of these; such programs must be unpacked before they can be analysed thoroughly. Starting from an analysis of packer program characteristics, this paper extracts the packer features of sample programs, automatically recovers the code and data hidden by the packer, and proposes a design for an automatic unpacking system built on a dynamic analysis platform. Experimental results show that the system handles common packer types effectively, raising the degree of automation of unpacking on the one hand and greatly improving the generality of unpacking techniques on the other.

Abstract: Malware often uses advanced software protection techniques to evade detection, and complex packing techniques are among the most typical; the malware must be unpacked first before it can be analysed in detail. Based on an analysis of the packing characteristics of sample programs, this paper automatically extracts the code and data hidden by packers and proposes an automatic unpacking system design based on a dynamic analysis platform. The test results show that the system can deal with common packed types; on the one hand it improves the degree of automation of unpacking techniques, and on the other hand it greatly enhances the versatility of unpacking technology.