General Information
    • ISSN: 1793-8201 (Print)
    • Abbreviated Title: Int. J. Comput. Theory Eng.
    • Frequency: Quarterly
    • DOI: 10.7763/IJCTE
    • Editor-in-Chief: Prof. Mehmet Sahinoglu
    • Associate Editor-in-Chief: Assoc. Prof. Alberto Arteta
    • Executive Editor: Ms. Mia Hu
    • Abstracting/Indexing: Scopus (Since 2022), INSPEC (IET), CNKI, Google Scholar, EBSCO, etc.
    • E-mail: ijcte@iacsitp.com
Editor-in-chief
Prof. Mehmet Sahinoglu
Faculty at Computer Science Department, Troy University, USA
I'm happy to take on the position of editor in chief of IJCTE. We encourage authors to submit papers concerning any branch of computer theory and engineering.

IJCTE 2012 Vol.4(3): 476-478 ISSN: 1793-8201
DOI: 10.7763/IJCTE.2012.V4.512

PE File Features in Detection of Packed Executables

Dhruwajita Devi and Sukumar Nandi

Abstract—Portable executable (PE) file features play a key role in the detection of packed executables. Packing changes the internal structure of a PE file in ways that make it very difficult for reverse engineering techniques, Anti-Virus (AV) scanners or similar programs to determine whether the executable is malicious or benign. It is therefore important to determine whether a given executable is packed before classifying it as malicious or benign. Once a binary is detected as packed, it can be unpacked and handed to an AV scanner or similar program. In this paper we include a brief description of the Portable Executable file format, since the internal structure of a PE must be understood before packed executables can be identified. We consider only executables packed with the UPX packer, and hence describe the functioning of UPX very briefly. Our approach works in two phases. In the first phase it extracts various features of portable executables; in the second phase it analyses the extracted features and arrives at the best set of features for identifying whether a given binary has been packed by UPX. Experimental results are shown at the end of this paper. We identify the key feature set, with justifications showing the differences between executables packed by UPX and non-packed ones.

Index Terms—Malware, non-packed, packed, portable executable.
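As an added illustration (not code from the paper or its authors), the Python below sketches the first phase the abstract describes: walking a PE's headers into a per-section feature set, then applying a few heuristics to those features. The features and thresholds chosen here are assumptions for illustration, not the paper's feature set; the sample PE is a constructed minimal blob built inline.

```python
import math
import struct
def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; compressed (packed) data sits near 8."""
    n = len(data) or 1                                   # empty section -> 0, no division by zero
    return sum(-c / n * math.log2(c / n) for c in (data.count(b) for b in set(data)))

def section_features(pe: bytes) -> list:
    """DOS header -> PE signature -> COFF header -> section table; one dict per section."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff = e_lfanew + 4
    _, nsect, opt_size = struct.unpack_from("<HH12xH", pe, coff)  # Machine, NumberOfSections, SizeOfOptionalHeader
    table = coff + 20 + opt_size                                   # section table follows the optional header
    feats = []
    for off in range(table, table + 40 * nsect, 40):               # IMAGE_SECTION_HEADER is 40 bytes
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _, rsize, rptr = struct.unpack_from("<IIII", pe, off + 8)  # VirtualSize, VA, SizeOfRawData, PointerToRawData
        feats.append({"name": name, "virtual_size": vsize, "raw_size": rsize,
                      "entropy": entropy(pe[rptr:rptr + rsize])})
    return feats

def packing_indicators(feats: list) -> list:
    """Illustrative heuristics (assumed, not the paper's); UPX0/UPX1 are UPX's default section names."""
    hits = []
    for f in feats:
        if f["name"].startswith("UPX"):
            hits.append(f"{f['name']}: UPX default section name")
        if f["raw_size"] == 0 and f["virtual_size"] > 0:   # nothing on disk, filled in at unpack time
            hits.append(f"{f['name']}: no raw data, virtual size {f['virtual_size']:#x}")
        if f["entropy"] > 7.0:                               # looks like a compressed payload
            hits.append(f"{f['name']}: entropy {f['entropy']:.2f}")
    return hits

def build_pe(sections: list) -> bytes:
    """Constructed minimal PE32 blob for offline testing; not a real executable."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    opt = b"\x0b\x01" + b"\0" * 22                                  # PE32 magic, rest zeroed
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    ptr, table, body = 0x40 + 4 + 20 + len(opt) + 40 * len(sections), b"", b""
    for name, data, vsize, chars in sections:
        table += name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", vsize, 0x1000, len(data),
                                                     ptr if data else 0, 0, 0, 0, 0, chars)
        body, ptr = body + data, ptr + len(data)
    return dos + b"PE\0\0" + coff + opt + table + body

SAMPLE = build_pe([(b"UPX0", b"", 0x20000, 0xE0000080),            # constructed UPX-style layout
                   (b"UPX1", bytes(range(256)) * 4, 0x1000, 0xE0000040),
                   (b".rsrc", b"A" * 64, 0x100, 0x40000040)])
```

Running `packing_indicators(section_features(SAMPLE))` flags the empty UPX0 section and the high-entropy UPX1 section, while a plain `.text`-only image yields no indicators.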

Dhruwajita Devi, Sukumar Nandi, Indian Institute of Technology Guwahati, Assam, India (e-mail: {dhruwajita.devi, sukumar} @ iitg.ernet.in).


Cite: Dhruwajita Devi and Sukumar Nandi, "PE File Features in Detection of Packed Executables," International Journal of Computer Theory and Engineering vol. 4, no. 3, pp. 476-478, 2012.

