5 Cybersecurity Technologies: Countermeasures Against Emerging Threats:5-1 Technology for Supporting Obfuscated-Malware Analysis

摘要

Many malware~(*1) specimens emerge from the Internet every day, making it necessary for analysts to capture those specimens, analyze them, and create countermeasures more effectively. Our research focuses on the second step, which means how to further effective malware analysis. To achieve this, one of the most important challenges is generic unpacking, which can automatically extract the original binary of packed (compressed and/or encrypted)~(*2) malware without depending on the applied packing algorithms. Generic unpacking is a key research topic because most specimens are packed to shield them from code analysis. This paper presents an effective generic-unpacking system.