Research Article
All-in-One Framework for Detection, Unpacking, and Verification for Malware Analysis
Figure 5
Entropy distributions of the EP section for original and representative packed files. (a) Average of original and 19 packers. (b) Original (not packed). (c) UPX. (d) ASPack. (e) NSPack. (f) MPRESS. (g) Yoda’s Protector. (h) RLPack. (i) BeroEXE. (j) MEW. (k) PACKMAN. (l) WinUpack. (m) exe32pack.
| (a) |
| (b) |
| (c) |
| (d) |
| (e) |
| (f) |
| (g) |
| (h) |
| (i) |
| (j) |
| (k) |
| (l) |
| (m) |