PolyPack: An Automated Online Packing Service for Optimal Antivirus Evasion

By Jon Oberheide, Michael Bailey and Farnam Jahanian

Abstract

Packers have long been a valuable tool in the toolbox of offensive users for evading the detection capabilities of signature-based antivirus engines. However, selecting the packer that results in the most effective evasion of antivirus engines may not be a trivial task due to diversity in the capabilities of both antivirus and packers. In this paper, we propose the creation of an online automated service, called PolyPack, that uses an array of packers and antivirus engines as a feedback mechanism to select the packer that will result in the optimal evasion of the antivirus engines. Towards understanding the utility and efficacy of such a service, we construct an implementation of PolyPack which employs 10 packers and 10 popular antivirus engines. We show that PolyPack provides 258% more effective evasion of antivirus engines than using an average packer and out-evades the best evaluated packer (Themida) for over 40% of the binary samples.

Year: 2010
OAI identifier: oai:CiteSeerX.psu:10.1.1.153.7002
Provided by: CiteSeerX