Abstract
In recent years, the explosive increase in the amount of malware has become a social problem. One of the reasons for the increase is the use of 'packers' to avoid detection of malware. A packer is software that compresses and encrypts a program while leaving it executable. A packer can compress and encrypt the malicious program code to avoid static detection, then decompress it when the program is executed to reconstruct the malicious code. Therefore, if packed malware can be safely unpacked and decrypted, detection of the malware can be improved. In current anti-virus software, pattern matching for specific virus signatures is the most common detection method. To complement this method, many anti-virus products apply heuristic detection methods. In this research, we propose a method to improve the detection rate of malware by unpacking an infected program, then scanning the unpacked memory image for virus signatures. We verified the effectiveness of the proposed method by comparing its detection rate with that of static virus signature detection.