
New Research Paper: Prevalence and Impact of Low-Entropy Packing Schemes in the Malware Ecosystem

Malware detection is a constant battle between the technologies built to detect and prevent malware and the authors who write it. One common technique adversaries leverage is packing binaries. Packing an executable is similar to applying compression or encryption to it, and it can inhibit the ability of some technologies to detect the packed malware. High entropy is traditionally a tell-tale sign of the presence of a packer, yet many malware analysts have probably encountered low-entropy packers more than once. Numerous popular tools (e.g., PEiD, Manalyze, Detect It Easy), malware-related courses, and even reference books on the topic affirm that packed malware often shows high entropy. As a consequence, many researchers use this heuristic in their analysis routines. It is also well known that the tools typically used to detect packers are based on signature matching, sometimes combined with other heuristics, but again the results are not completely faithful, as many of the signatures in circulation are prone to false positives.
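To make the heuristic and its blind spot concrete, here is an added example (written for this page; it is not code from the paper or from Cisco). It computes per-byte Shannon entropy, applies the naive "high entropy means packed" check with an assumed 7.0 bits/byte threshold, and then shows a toy low-entropy packing scheme: the payload is first XOR-encrypted with a seeded PRNG keystream (standing in for a conventional packer's encryption layer, which pushes entropy close to 8.0) and then re-encoded so that every stored byte is a single nibble. That re-encoding caps entropy at 4.0 bits/byte, comfortably below the threshold, while remaining trivially reversible by the unpacking stub. The threshold, the nibble-splitting transform and the sample payload are all assumptions chosen for illustration, not schemes taken from the paper.

```python
"""Added example: why a byte-entropy heuristic can miss a low-entropy packer.

Illustrative code written for this page, not the paper's tooling. The 7.0
bits-per-byte threshold and the nibble-splitting transform are assumptions
chosen for illustration, not schemes taken from the paper.
"""
import math
import random
from collections import Counter

# Assumed threshold: many packer heuristics flag sections above roughly this
# entropy (bits per byte, maximum 8.0). The exact cut-off varies by tool.
ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_packed(data: bytes, threshold: float = ENTROPY_THRESHOLD) -> bool:
    """The naive heuristic: high entropy => probably compressed or encrypted."""
    return shannon_entropy(data) >= threshold


def xor_keystream(data: bytes, seed: int) -> bytes:
    """Toy stream cipher: XOR with a seeded PRNG keystream. Stands in for the
    encryption layer of a conventional packer; its output looks uniformly
    random, so entropy approaches 8.0. Applying it twice restores the input."""
    rng = random.Random(seed)
    return bytes(b ^ rng.getrandbits(8) for b in data)


def nibble_pack(data: bytes) -> bytes:
    """Low-entropy re-encoding: each byte becomes two bytes holding its high
    and low nibble. Every output byte lies in 0x00..0x0F, so the entropy of
    the result cannot exceed 4.0 bits per byte however random the input is."""
    out = bytearray()
    for b in data:
        out.append(b >> 4)
        out.append(b & 0x0F)
    return bytes(out)


def nibble_unpack(packed: bytes) -> bytes:
    """Inverse of nibble_pack; what an unpacking stub would do at run time."""
    return bytes((packed[i] << 4) | packed[i + 1]
                 for i in range(0, len(packed), 2))


# Constructed sample payload standing in for a malware body; not real code.
PAYLOAD = b"MZ\x90\x00 constructed sample payload for the entropy demo " * 64


def demo(payload: bytes = PAYLOAD) -> dict:
    """Run the three stages and report (entropy, flagged_by_heuristic)."""
    encrypted = xor_keystream(payload, seed=1234)
    disguised = nibble_pack(encrypted)
    # Both transforms are lossless: the packed form still runs after unpacking.
    assert nibble_unpack(disguised) == encrypted
    assert xor_keystream(encrypted, seed=1234) == payload
    return {
        "plain": (shannon_entropy(payload), looks_packed(payload)),
        "encrypted": (shannon_entropy(encrypted), looks_packed(encrypted)),
        "nibble_packed": (shannon_entropy(disguised), looks_packed(disguised)),
    }


if __name__ == "__main__":
    for stage, (h, flagged) in demo().items():
        print(f"{stage:14s} entropy={h:.3f} bits/byte  flagged_as_packed={flagged}")
```

Running the module prints the plain payload at roughly 4.1 bits/byte (not flagged), the encrypted form just under 8.0 (flagged), and the nibble-packed form just under 4.0 (not flagged, even though it is the same encrypted data with a two-line decoder in front of it). The practical lesson is the one the paragraph makes: entropy is one weak signal, and a detector that relies on it alone, or on packer signatures alone, will miss schemes that deliberately spend space to keep the byte distribution flat.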

The post New Research Paper: Prevalence and Impact of Low-Entropy Packing Schemes in the Malware Ecosystem appeared first on Cisco Blogs.