Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ACSAC
2002
IEEE
2002
IEEE
A Toolkit for Detecting and Analyzing Malicious Software
In this paper we present PEAT: The Portable Executable Analysis Toolkit. It is a software prototype designed to provide a selection of tools that an analyst may use in order to examine structural aspects of a Windows Portable Executable (PE) file, with the goal of determining whether malicious code has been inserted into an application after compilation. These tools rely on structural features of executables that are likely to indicate the presence of inserted malicious code. The underlying premise is that typical application programs are compiled into one binary, homogeneous from beginning to end with respect to certain structural features; any disruption of this homogeneity is a strong indicator that the binary has been tampered with. For example, it could now harbor a virus or a Trojan horse program. We present our investigation into structural feature analysis, the development of these ideas into the PEAT prototype, and results that illustrate PEAT’s practical effectiveness.
Real-time TrafficRelated Content
| Added | 14 Jul 2010 |
| Updated | 14 Jul 2010 |
| Type | Conference |
| Year | 2002 |
| Where | ACSAC |
| Authors | Michael Weber, Matthew Schmid, Michael Schatz, David Geyer |
Comments (0)
Researcher Info
|
