Research Article
All-in-One Framework for Detection, Unpacking, and Verification for Malware Analysis
| | Input: A PE file | | | Output: Packed or Not-Packed //Packing detection result | | | begin | | (1) | if No EP Section then return Packed; //DP-NEP | | (2) | else if Packer Signature Found then return Packed; //DP-SIG | | (3) | else if “WRITE” enabled and EP Section Entropy Packing-Range then | | (4) | return Packed; //DP-WR, DP-ENT | | (5) | else return Not-Packed; | | (6) | end-if | | | end |
|
