Synonyms

Deobfuscating malware

Definition

Unpacking is the process of recovering the original binary code from an obfuscated, packed binary.

Background

Packing is the process of obfuscating an original binary, using a large number of redirections and a complex mesh of stub code, into a new packed binary that is completely different from the original. Packing is often applied to malware binaries in order to make reverse engineering far more difficult and time-consuming.

Theory and Application

There have been numerous efforts to develop automated unpacking systems. An early implementation of automatic unpacking relies on a debugger to step through each instruction of the packed binary in order to determine when the binary begins to execute code that was not originally present in the packed binary. For example, the principle behind the PolyUnpack [1] system is that a packed binary does not contain the unpacked binary's code at start-up; any code that is executed but absent from the static image must therefore have been produced at run time. In other...
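The comparison principle described above can be illustrated with a small simulation. The following is an added example, not code from the entry or from the PolyUnpack project: it defines a constructed toy instruction set, builds a "packed" image whose stub XOR-decodes a payload in place and jumps to it, and then executes the image under a monitor that compares every fetched instruction with a linear disassembly of the on-disk image. The first executed instruction whose bytes are not in that static model marks the start of the hidden code, and memory from that address is dumped as the unpacked payload. The opcodes, key, and payload are all constructed for the example.

```python
"""Toy illustration of the PolyUnpack-style comparison principle.

Constructed example: a tiny fixed-length ISA, a hand-built "packed" image
whose stub XOR-decodes a payload in place and then jumps to it, and a
monitor that flags the first executed instruction whose bytes do not
match the static (on-disk) image.  This is not PolyUnpack's implementation.
"""

INSN_LEN = 3                      # every toy instruction is: opcode, arg1, arg2
OP_XOR, OP_JMP, OP_HALT, OP_EMIT = 0x10, 0x20, 0x30, 0x40
KEY = 0x5A                        # constructed packing key


def build_packed_image():
    """Construct a packed image: a stub that decodes the payload byte by byte,
    then jumps to it.  Returns (image, plaintext_payload, payload_base)."""
    payload = bytes([OP_EMIT, 0x41, 0,      # EMIT 'A'
                     OP_EMIT, 0x42, 0,      # EMIT 'B'
                     OP_HALT, 0, 0])
    # The stub needs one XOR per payload byte plus a final JMP.
    payload_base = INSN_LEN * (len(payload) + 1)
    stub = bytearray()
    for i in range(len(payload)):
        stub += bytes([OP_XOR, payload_base + i, KEY])   # mem[a] ^= KEY
    stub += bytes([OP_JMP, payload_base, 0])
    image = bytearray(payload_base + len(payload))
    image[:len(stub)] = stub
    image[payload_base:] = bytes(b ^ KEY for b in payload)  # encoded payload
    return bytes(image), payload, payload_base


def static_model(image):
    """Linear disassembly of the image as it is on disk: address -> bytes."""
    return {a: image[a:a + INSN_LEN] for a in range(0, len(image), INSN_LEN)}


def monitored_run(image, max_steps=1000):
    """Execute the image while comparing each fetched instruction with the
    static model.  Returns (first_hidden_pc, dumped_code, emitted_values)."""
    static = static_model(image)
    mem = bytearray(image)            # run-time memory starts as the disk image
    pc, emitted, hidden_pc = 0, [], None
    for _ in range(max_steps):
        insn = bytes(mem[pc:pc + INSN_LEN])
        if hidden_pc is None and static.get(pc) != insn:
            hidden_pc = pc            # executing code absent from the disk image
        op, a, b = insn
        if op == OP_XOR:
            mem[a] ^= b
            pc += INSN_LEN
        elif op == OP_JMP:
            pc = a
        elif op == OP_EMIT:
            emitted.append(a)
            pc += INSN_LEN
        elif op == OP_HALT:
            break
        else:
            raise ValueError(f"bad opcode {op:#x} at {pc:#x}")
    # Dump memory from the first hidden instruction onward as the unpacked code.
    dumped = bytes(mem[hidden_pc:]) if hidden_pc is not None else b""
    return hidden_pc, dumped, emitted


if __name__ == "__main__":
    img, plain, base = build_packed_image()
    pc, code, out = monitored_run(img)
    print(f"hidden code first executed at {pc:#x} (payload base {base:#x})")
    print("dumped payload matches plaintext:", code == plain)
    print("values emitted by unpacked code:", out)
```

The monitor only ever compares bytes; it does not need to understand the packer. The caveat a practitioner should keep in mind is the one the principle itself implies: the criterion fires only when executed instructions differ from the static image, so the snapshot taken at `hidden_pc` is the unpacked code as it exists at that moment, and a real implementation must additionally cope with variable-length instructions, multiple unpacking stages, and code that is rewritten again later.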

Recommended Reading

  1. Royal P, Halpin M, Dagon D, Edmonds R, Lee W (2006) PolyUnpack: automating the hidden-code extraction of unpack-executing malware. In: Proceedings of the 22nd Annual Computer Security Applications Conference (ACSAC), Miami Beach, December 2006

  2. Guo F, Ferrie P, Chiueh T (2008) A study of the packer problem and its solutions. In: 11th International Symposium on Recent Advances in Intrusion Detection (RAID 2008), Cambridge, 15–17 Sep 2008

© 2011 Springer Science+Business Media, LLC

Cite this entry

Hoon Kang, B.B., Sinclair, G. (2011). Unpacking Malware. In: van Tilborg, H.C.A., Jajodia, S. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-5906-5_851
