hungpthanh/oep-detection-based-on-graph-similarity
- The official source code for the paper "Original Entry Point detection based on graph similarity"
- This code is undergoing a refactoring process
- This code is for research purposes only
- Python >= 3.7
- networkx 2.6.3
- PyGraphviz
- data: https://drive.google.com/file/d/1PPfADJnTPACcaqwzl1F6PdSsCzDPoloU/view?usp=sharing (put it under the oep-detection folder)
- test_Gunpacker: https://drive.google.com/file/d/1Mt7ob_eYatPsKxCBPTq6qBMVSH660bjR/view?usp=sharing
- check_virustotal: https://drive.google.com/file/d/1pDg04V_NoXagZSj97nghNXz7Q5K5dpfp/view?usp=sharing
- log_be_pum_malware_all: https://drive.google.com/file/d/1t4NBAfvUEu8h417HeQ3CY4RY4BWTdC_N/view?usp=sharing
- To run our method and BE-PUM, use this command line:
python graph_based_method.py --log_path logs/graph_based_method9
- Packer identification by VirusTotal and PyPackerDetect
Note: Change the paths of the "check_virustotal" and "test_Gunpacker" folders in the code.
python tools/packer_identification_others.py
- OEP detection by Gunpacker and QuickUnpack
Note: Change the paths of the "check_virustotal" and "test_Gunpacker" folders in the code.
Gunpacker:
python tools/packer_identification_others.py
QuickUnpack:
python tools/OEP_detection_QuickUnpack.py
- Packer identification and OEP detection on malware samples:
Note: Change the path of "log_be_pum_malware_all" in the code.
python tools/malware_inference.py
sh scripts/running_[packer_name].sh
For example:
sh scripts/running_upx.sh
Delete "end_of_unpacking_sequence.txt" before running
python standard_graph_construction.py