Channel: BOT24

Paper: SoK: Deep Packer Inspection: A Longitudinal Study of the Complexity of Run-Time Packers

Abstract—Run-time packers are often used by malware-writers
to obfuscate their code and hinder static analysis. The packer
problem has been widely studied, and several solutions have
been proposed in order to generically unpack protected binaries.
Nevertheless, these solutions commonly rely on a number of
assumptions that may not necessarily reflect the reality of the
packers used in the wild. Moreover, previous solutions fail to
provide useful information about the structure of the packer or
its complexity. In this paper, we describe a framework for packer
analysis and we propose a taxonomy to measure the runtime
complexity of packers.
We evaluated our dynamic analysis system on two datasets,
composed of both off-the-shelf packers and custom packed
binaries. Based on the results of our experiments, we present
several statistics about the packers' complexity and their evolution
over time.

More here: http://paginaspersonales.deusto.es/isantos/publications/2015/ugarte_2015_DeepPacker.pdf
