Research Article
All-in-One Framework for Detection, Unpacking, and Verification for Malware Analysis
```
Input: A PE file
Output: Packed or Not-Packed  // Packing detection result
begin
    if No EP Section then return Packed;  // DP-NEP
    else if Packer Signature Found then return Packed;  // DP-SIG
    else if "WRITE" enabled and EP Section Entropy in Packing-Range then
        return Packed;  // DP-WR, DP-ENT
    else return Not-Packed;
    end-if
end
```
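The decision order of the listing above, as an added Python example (not code from the article). It assumes sections have already been parsed into a hypothetical `Section` record whose data length stands in for the mapped size. The entropy bounds in `PACKING_RANGE` and the bytes in `SIGNATURES` are placeholders, since the page gives neither.

```python
import math
from collections import Counter
from dataclasses import dataclass

IMAGE_SCN_MEM_WRITE = 0x80000000  # PE section characteristic: section is writable
PACKING_RANGE = (6.85, 8.0)       # ASSUMED bounds; the page does not give the range
SIGNATURES = {"demo-packer": b"\xde\xc0\xad\x0b"}  # constructed placeholder bytes

@dataclass
class Section:                    # hypothetical pre-parsed section record
    name: str
    rva: int
    characteristics: int
    data: bytes

def entropy(data):
    """Shannon entropy in bits per byte, from 0.0 to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def detect_packing(entry_rva, sections):
    """Return (verdict, rule) using the decision order of the listing above."""
    ep = next((s for s in sections if s.rva <= entry_rva < s.rva + len(s.data)), None)
    if ep is None:                                    # DP-NEP
        return "Packed", "DP-NEP"
    stub = ep.data[entry_rva - ep.rva:]
    if any(stub.startswith(sig) for sig in SIGNATURES.values()):  # DP-SIG
        return "Packed", "DP-SIG"
    lo, hi = PACKING_RANGE
    writable = bool(ep.characteristics & IMAGE_SCN_MEM_WRITE)     # DP-WR
    if writable and lo <= entropy(ep.data) <= hi:                 # DP-ENT
        return "Packed", "DP-WR+DP-ENT"
    return "Not-Packed", "-"

# Constructed sample sections (not taken from any real binary).
RANDOM_LIKE = bytes(range(256)) * 16      # uniform bytes, entropy 8.0
PLAIN_CODE = b"\x55\x8b\xec\x90" * 256    # four distinct bytes, entropy 2.0
RX, RWX = 0x60000020, 0xE0000020          # code+execute+read, same plus write

if __name__ == "__main__":
    for label, rva, secs in [
        ("EP outside sections", 0x9000, [Section(".text", 0x1000, RX, PLAIN_CODE)]),
        ("signature at EP", 0x1000, [Section(".text", 0x1000, RX, SIGNATURES["demo-packer"] + PLAIN_CODE)]),
        ("writable, high entropy", 0x1000, [Section("sec0", 0x1000, RWX, RANDOM_LIKE)]),
        ("read-only, high entropy", 0x1000, [Section(".text", 0x1000, RX, RANDOM_LIKE)]),
        ("writable, low entropy", 0x1000, [Section(".text", 0x1000, RWX, PLAIN_CODE)]),
    ]:
        print(label, "->", detect_packing(rva, secs))
```

The last two cases show why the third rule needs both conditions: high entropy in a read-only entry section, or a writable section with ordinary entropy, falls through to Not-Packed.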