PE file unpacking system and method for static analysis of malicious code

Abstract

The present invention relates to an executable file unpacking system and method for static analysis of malicious code. The method according to the present invention comprises: a pre-analysis step of receiving a detection target file, checking whether it is a binary file, and extracting a hash value if the detection target file is a binary file; a step of searching a database for a malicious code hash value corresponding to the extracted hash value; and, if no malicious code hash value corresponding to the extracted hash value is found, a step of detecting a packer using a signature-based packer detection module and, if the signature-based packer detection module does not detect a packer for the detection target file, inferring whether the file is packed using an entropy-based packer detection module. According to the present invention, the probability of detecting malicious code is increased, and detection can be performed at high speed.

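Bibliographic data

  • Publication number: KR102335475B1
  • Patent type:
  • Publication date: 2021-12-08
  • Original format: PDF
  • Applicant/patentee: (주)모니터랩
  • Application number: KR20210000707
  • Inventors: 김영중; 김두환
  • Filing date: 2021-01-05
  • Classification: G06F21/56
  • Country: KR
  • Database entry time: 2022-08-24 22:40:43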
