A Malware and Variant Detection Method Using Function Call Graph Isomorphism

<table class="table-group" id="tab2"><tr><td><table class="table"><tr><td class="thead-hr" colspan="9"><hr/></td></tr><tr class="thead"><td class="align_left" rowspan="2">Packer</td><td class="align_center" colspan="4">notepad.exe</td><td class="align_center" colspan="4">calc.exe</td></tr><tr class="thead"><td class="align_center">Original size (k)</td><td class="align_center">Packed size (k)</td><td class="align_center">Unpacked size (k)</td><td class="align_center">Detection result</td><td class="align_center">Original size (k)</td><td class="align_center">Packed size (k)</td><td class="align_center">Unpacked size (k)</td><td class="align_center">Detection result</td></tr><tr><td class="thead-hr" colspan="9"><hr/></td></tr><tr><td class="align_left">UPX</td><td class="align_center" rowspan="9">65</td><td class="align_center">49</td><td class="align_center">124</td><td class="align_center">Yes</td><td class="align_center" rowspan="9">112</td><td class="align_center">55</td><td class="align_center">163</td><td class="align_center">Yes</td></tr><tr><td class="align_left">ASPack</td><td class="align_center">56</td><td class="align_center">99</td><td class="align_center">Yes</td><td class="align_center">70</td><td class="align_center">145</td><td class="align_center">Yes</td></tr><tr><td class="align_left">FSG</td><td class="align_center">46</td><td class="align_center">132</td><td class="align_center">Yes</td><td class="align_center">60</td><td class="align_center">191</td><td class="align_center">Yes</td></tr><tr><td class="align_left">MEW</td><td class="align_center">44</td><td class="align_center">128</td><td class="align_center">Yes</td><td class="align_center">56</td><td class="align_center">243</td><td class="align_center">No</td></tr><tr><td class="align_left">PE-PACK</td><td class="align_center">37</td><td class="align_center">96</td><td class="align_center">Yes</td><td class="align_center">45</td><td class="align_center">143</td><td class="align_center">Yes</td></tr><tr><td class="align_left">WinUPack</td><td class="align_center">44</td><td class="align_center">160</td><td class="align_center">Yes</td><td class="align_center">52</td><td class="align_center">215</td><td class="align_center">Yes</td></tr><tr><td class="align_left">ASProtect</td><td class="align_center">369</td><td class="align_center">69</td><td class="align_center">No</td><td class="align_center">373</td><td class="align_center">114</td><td class="align_center">No</td></tr><tr><td class="align_left">PackMan</td><td class="align_center">53</td><td class="align_center">124</td><td class="align_center">Yes</td><td class="align_center">69</td><td class="align_center">171</td><td class="align_center">Yes</td></tr><tr><td class="align_left">PECompact</td><td class="align_center">49</td><td class="align_center">112</td><td class="align_center">Yes</td><td class="align_center">56</td><td class="align_center">159</td><td class="align_center">Yes</td></tr><tr class="table-tr"><td colspan="9"><hr class="tbody-hr"/></td></tr></table></td></tr></table>

<div>Detection result of packed samples.</div>

Security and Communication Networks

tab2

Table 2

Table 2: A Malware and Variant Detection Method Using Function Call Graph Isomorphism 