• Mar 26, 2024 News!Vol.16, No. 1 has been published with online version.   [Click]
  • Jan 02, 2024 News!All papers in IJET will be publihsed article by article staring from 2024.
  • Nov 03, 2023 News!News | Vol.15, No. 4 has been published with online version.   [Click]
General Information
    • ISSN: 1793-8236 (Online)
    • Abbreviated Title Int. J. Eng. Technol.
    • Frequency:  Quarterly 
    • DOI: 10.7763/IJET
    • Managing Editor: Ms. Jennifer Zeng
    • Abstracting/ Indexing: Inspec (IET), CNKI Google Scholar, EBSCO, ProQuest, Crossref, Ulrich Periodicals Directory, Chemical Abstracts Services (CAS), etc.
    • E-mail: ijet_Editor@126.com
Editor-in-chief
IJET 2016 Vol.8(2): 101-106 ISSN: 1793-8236
DOI: 10.7763/IJET.2016.V8.866

A Method for Shellcode Extractionfrom Malicious Document Files Using Entropy and Emulation

Kazuki Iwamoto and Katsumi Wasaki

Abstract—We propose a method for the dynamic analysis of malicious documents that can exploit various types of vulnerability in applications. Static analysis of a document can be used to identify the type of vulnerability involved. However, it can be difficult to identify unknown vulnerabilities, and the application may not be available even if we could identify the vulnerability. In fact, malicious code that is executed after the exploitation may not have a relationship with the type of vulnerability in many cases. In this paper, we propose a method that extracts and executes “shellcode” to analyze malicious documents without requiring identification of the vulnerability or the application. Our system extracts shellcode by executing byte sequences to observe the features of a document file in a priority order decided on the basis of entropy.Our system was used to analyze 88 malware samples and was able to extract shellcode from 74 samples. of these, 51 extracted shellcodes behaved as malicious software according to dynamic analysis.

Index Terms—Malware, shellcode, entropy, dynamic analysis, vulnerability.

Kazuki Iwamoto is with Advanced Research Laboratory at SecureBrain Corporation, Kojimachi RK Building 4F 2-6-7 Kojimachi, Chiyoda-ku Tokyo, Japan (e-mail: kazuki_iwamoto@securebrain.co.jp).
Katsumi Wasaki is with Interdisciplinary Graduate School of Science and Technology, Shinshu University, 4-17-1 Wakazato, Nagano-shi, Japan (e-mail: wasaki@cs.shinshu-u.ac.jp).

[PDF]

Cite: Kazuki Iwamoto and Katsumi Wasaki, "A Method for Shellcode Extractionfrom Malicious Document Files Using Entropy and Emulation," International Journal of Engineering and Technology vol. 8, no. 2, pp. 101-106, 2016.

Copyright © 2008-2024. International Journal of Engineering and Technology. All rights reserved. 
E-mail: ijet_Editor@126.com