Packer Genetics: The Selfish Code presented at SyScan 2010

by Tora,

Tags: Security Malware

Summary: As the title suggests, we will be talking about genetics: not human
genetics, but the gene concept applied to executable files. We will use
that concept to see what completely different executables have in
common and how that knowledge can be used to build a generic unpacker,
generic in the sense that it uses no special case to handle any
particular packer. Running inside an x86 emulator such as Bochs makes the tool
quite useful for automated malware unpacking.