• Jun 14, 2017 News!Vol.8, No.5 has been indexed by EI (Inspec).   [Click]
  • Jul 19, 2017 News!Vol.9, No.4 has been published with online version. 16 peer reviewed articles from 16 specific areas are published in this issue.   [Click]
  • Jun 14, 2017 News!Vol.9, No.3 has been published with online version. 15 peer reviewed articles from 8 specific areas are published in this issue.   [Click]
General Information
Editor-in-chief
Prof. Wael Badawy
Department of Computing and Information Systems Umm Al Qura University, Canada
I'm happy to take on the position of editor in chief of IJCTE. We encourage authors to submit papers concerning any branch of computer theory and engineering.
IJCTE 2012 Vol.4(3): 476-478 ISSN: 1793-8201
DOI: 10.7763/IJCTE.2012.V4.512

PE File Features in Detection of Packed Executables

Dhruwajita Devi and Sukumar Nandi

Abstract—Portable executable or PE file features play a key role in detection of packed executables. Packing performs a lot of changes to the internal structure of PE files in such a way that it makes it very difficult for any Reverse Engineering Technique, Anti-Virus (AV) scanner or similar kind of programs to figure out whether the executable is malware or benign. Therefore, it is very important to figure out whether a given executable is packed or non-packed before detecting it as malicious or benign. Once a binary is detected as packed, it can be unpacked and can be given to AV or similar kind of programs. In this paper we have included a brief description of Portable Executable file format as we need to know the internal structure of PE before figuring out Packed Portable Executables. We have considered the packed executable by UPX packer only, and hence mentioned the functioning of UPX packer very briefly. Our approach basically works in two phases. In the first phase, it extracts various features of portable executables and in the second phase it analyses the extracted features and comes up with best set of features, which can be used to identify whether a given binary is packed or not by UPX Packer. Experimental results are shown to the end of this paper. We figure out the key feature set with proper justifications to show differences between packed and non-packed executable by UPX packer.

Index Terms—Malware, non-packed, packed, portable executable.

Dhruwajita Devi, Sukumar Nandi, Indian Institute of Technology Guwahati, Assam India (e-mail: {dhruwajita.devi, sukumar} @ iitg.ernet.in).

[PDF]

Cite: Dhruwajita Devi and Sukumar Nandi, "PE File Features in Detection of Packed Executables," International Journal of Computer Theory and Engineering vol. 4, no. 3, pp. 476-478, 2012.

Copyright © 2008-2015. International Journal of Computer Theory and Engineering. All rights reserved.
E-mail: ijcte@vip.163.com