Clandestiny
September 30th, 2003, 09:59
Hiya guys,
I am working on a very simplistic heuristic anti-virus scanner for a graduate course I'm taking. At present my focus is on static and statistical analysis of PE structure rather than dynamic analysis using emulation. As you all know, many packers make modifications to the PE structure similarly to viruses, and there is a good possibility of false positives from the packed / encrypted targets using only static analysis. I am thinking of incorporating a basic signature scanner for ruling out the false positives for packed programs. I realize that there are a number of packer identifiers out there, and I was curious if there is a repository of packer "signatures" somewhere? I have to admit that it's not particularly thrilling to me to contemplate d/ling and disassembling hundreds of packed programs looking for signature byte sequences.
Thanks,
Clandestiny
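The kind of scanner the post describes, as an added example that is not code from the original post or from any existing packer identifier: it parses the PE headers far enough to locate the entry point, maps the entry-point RVA back to a file offset through the section table, and compares the bytes there against signatures written in the PEiD userdb style (hex bytes with `??` wildcards). The two signatures and the `build_sample_pe` fixture are constructed for illustration; the signatures are not copied from any real database and should not be taken as identifying any particular packer. The entropy of the entry-point section is included because it is the cheapest statistical hint that the section holds compressed or encrypted data.

```python
"""Entry-point signature scanner for PE files (added example, not from the original post)."""
import math
import struct
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed signatures in PEiD userdb syntax ("??" matches any byte).
# Illustrative patterns only; they are not taken from any real signature database.
SIGNATURES: Dict[str, str] = {
    "packer_A (constructed)": "60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57",
    "packer_B (constructed)": "60 E8 ?? ?? ?? ?? 5D 81 ED",
}


def compile_signature(sig: str) -> List[Optional[int]]:
    """'60 BE ?? 8D' -> [0x60, 0xBE, None, 0x8D]; None is a wildcard byte."""
    return [None if tok == "??" else int(tok, 16) for tok in sig.split()]


def matches_at(data: bytes, offset: int, pattern: List[Optional[int]]) -> bool:
    """True if `pattern` matches `data` starting at `offset` (no match past EOF)."""
    if offset < 0 or offset + len(pattern) > len(data):
        return False
    return all(p is None or data[offset + i] == p for i, p in enumerate(pattern))


def parse_pe(data: bytes) -> dict:
    """Return the entry-point RVA and the section table of a PE32/PE32+ file."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint (same offset in PE32 and PE32+)
    sections = []
    table = opt + opt_size                                # section headers follow the optional header
    for i in range(num_sections):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"), "va": va,
                         "vsize": vsize, "raw_ptr": raw_ptr, "raw_size": raw_size})
    return {"entry_rva": entry_rva, "sections": sections}


def rva_to_offset(rva: int, sections: List[dict]) -> Tuple[Optional[int], Optional[dict]]:
    """Map an RVA to a file offset via the section that contains it, or (None, None)."""
    for s in sections:
        span = max(s["vsize"], s["raw_size"])
        if s["va"] <= rva < s["va"] + span:
            return s["raw_ptr"] + (rva - s["va"]), s
    return None, None


def entropy(buf: bytes) -> float:
    """Shannon entropy in bits per byte; ~8.0 suggests compressed or encrypted data."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def scan(data: bytes) -> dict:
    """Identify the packer stub at the entry point (if any) and score the EP section's entropy."""
    pe = parse_pe(data)
    off, sec = rva_to_offset(pe["entry_rva"], pe["sections"])
    result = {"entry_rva": pe["entry_rva"], "entry_section": None, "packer": None, "entry_section_entropy": None}
    if off is None:
        return result        # EP outside every section: suspicious on its own, nothing to match
    result["entry_section"] = sec["name"]
    for name, sig in SIGNATURES.items():
        if matches_at(data, off, compile_signature(sig)):
            result["packer"] = name
            break
    raw = data[sec["raw_ptr"]:sec["raw_ptr"] + sec["raw_size"]]
    result["entry_section_entropy"] = round(entropy(raw), 2)
    return result


def build_sample_pe(stub: bytes, section_name: bytes = b".text") -> bytes:
    """Construct a minimal single-section PE32 image as a test fixture (not a real binary)."""
    file_align = 0x200
    raw = stub + b"\0" * (-len(stub) % file_align)
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)             # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)        # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)      # AddressOfEntryPoint = first byte of the section
    struct.pack_into("<I", opt, 28, 0x400000)    # ImageBase
    struct.pack_into("<I", opt, 32, 0x1000)      # SectionAlignment
    struct.pack_into("<I", opt, 36, file_align)  # FileAlignment
    section = struct.pack("<8sIIIIIIHHI", section_name.ljust(8, b"\0"), len(raw), 0x1000,
                          len(raw), 0x200, 0, 0, 0, 0, 0x60000020)
    header = (dos + coff + bytes(opt) + section).ljust(0x200, b"\0")
    return header + raw


if __name__ == "__main__":
    # pushad; mov esi,...; lea edi,...; push edi  (constructed stub matching packer_A)
    print(scan(build_sample_pe(bytes.fromhex("60BE001040008DBE00F0FFFF57"), b"UPX1")))
    print(scan(build_sample_pe(bytes.fromhex("558BEC"))))   # push ebp; mov ebp,esp: no packer
```

The file offset is computed from the section table rather than by assuming `AddressOfEntryPoint` equals a raw file position, which is exactly where naive scanners go wrong on packed files whose entry point sits in the last section. Wildcards are what make a signature survive the per-build immediates in a stub (the `mov esi, imm32` in the first constructed pattern), so a signature should pin the opcodes and wildcard the operands.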