Packed malware is a serious threat to computers, but the proposed PEAL method can accurately identify packed and native executables, reducing the overall execution time of AV.

The proliferation of packed malware has posed a serious threat to computers connected to Internet across the globe. Packers are popular tools used by malware authors to hide malicious payloads that bypass traditional signature antiviruses (AV). Packing being the easiest way to defeat signature based detection, unpacking of samples is important. As unpacking is a time consuming pro- cess, it reduces overall efficiency of AV scanner. Unpacking is a compulsory step in malware analysis, else it would increase the rate of false alarms and misses. In this paper we propose PEAL, a pre---processing phase to identify packed executables from a set of packed and native files. Our method reduces overall execution time of AV by filtering packed samples from non-packed. Experimental results show that the proposed method is capable of identifying packed and native executables with high accuracy.

Packed malware is a serious threat to computers, but the proposed PEAL method can accurately identify packed and native executables, reducing the overall execution time of AV.

PEAL - Packed Executable AnaLysis