Automated unpacking of executables packed by multiple layers of arbitrary packers
US7996904B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Dec 19, 2007 |
| Grant date | Aug 9, 2011 |
| Priority date | — |
| Expiry date | Jun 7, 2030 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F21/566
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
The packing manager provides an automated method that allows existing AV scanning technology to be applied to detect known malware samples packed by one or more packers that are potentially proprietary. The packing manager tracks the memory areas to which an executable binary writes and executes, and so can unpack programs packed by multiple arbitrary packers without requiring reverse-engineering of the packers or any human intervention. By tracking page modification and execution of an executable binary at run time, the packing control module can detect the instant at which the program's control is first transferred to a page whose content is dynamically generated, so AV scanning can then be invoked. Thus, code cannot be executed under the packing control manager without being scanned by an AV scanner first.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.