Current malware is often transmitted in packed or encrypted form to prevent examination by anti-virus software. To analyze new malware, researchers typically resort to dynamic c...
Kevin Coogan, Saumya K. Debray, Tasneem Kaochar, G...
Modern malware often hide the malicious portion of their program code by making it appear as data at compile time and transforming it back into executable code at runtime. This obf...
Paul Royal, Mitch Halpin, David Dagon, Robert Edmo...
With the advance of packing techniques, a few generic and automatic unpackers have been proposed. These unpackers are designed to automatically unpack packed binaries without speci...
To handle the growing flood of malware, security vendors and analysts rely on tools that automatically identify and analyze malicious code. Current systems for automated malwar...
Paolo Milani Comparetti, Guido Salvaneschi, Engin ...
We present a novel technique that identifies the source compiler of program binaries, an important element of program provenance. Program provenance answers fundamental questions...
Nathan E. Rosenblum, Barton P. Miller, Xiaojin Zhu