About This File
A foundational requirement in the security world is the capability to robustly parse and analyze Windows Portable Executable (PE) files. Coping with the full spectrum of PEs found in the wild is, in fact, quite challenging. While benign ("white") files are typically well structured, malicious files can be quite difficult to analyze, often due to deliberate malformations intended to stymie static analysis. In this paper we will survey and attempt to classify some common and interesting malformations we have studied in our work at Sunbelt Software. We will analyze PE structural information, discuss the PE specification, and highlight specific hurdles we have overcome in the course of developing a parsing facility capable of dealing reliably with the full range of images found in the wild, especially malware. We will also cover specific problems we faced along the way, examine structural heuristics we have developed in the course of classifying common malformations, and include a discussion of some interesting tools and techniques we have developed.