UNPACKING CODE PATTERN FROM PACKED BINARY EXECUTABLE USING EXECUTION UNIT PATTERN BASED SEQUENCE ALIGNMENT ANALYSIS Page 94 of 103

Andy Asmoro

Bibliography

“AV-TEST, The Independent IT-Security Institute.” 2018, URL https://www.av-test.org/en/statistics/malware/.

Al-Anezi, M. M. K., “Generic packing detection using several complexity analysis for accurate malware detection,” International journal of advanced computer science and applications, volume 5(1), 2015.

Alimehr, L., “The performance of sequence alignment algorithms,” 2013.

Armadillo, “Armadillo, Overlays packer and obfuscator,” 2017, URL http://the-armadillo-software-protection-system.software.informer.com, (Date last accessed 1 March 2017).

Banin, S., Shalaginov, A., and Franke, K., “Memory access patterns for malware detection,” 2016.

Bazrafshan, Z., Hashemi, H., Fard, S. M. H., and Hamzeh, A., “A survey on heuristic malware detection techniques,” in “Information and Knowledge Technology (IKT), 2013 5th Conference on,” pp. 113–120, IEEE, 2013.

Beek, C., Dinkar, D., Gund, Y., and Others, “McAfee Labs threats report,” McAfee Inc., Santa Clara, CA. Available: https://www.mcafee.com/us/resources/reports/rp-quarterly-threats-dec-2017.pdf, 2017.

Bellard, F., “Qemu: Open source processor emulator, 2008,” URL http://savannah.nongnu.org/projects/qemu, 2009.

Benninger, C. A., Maitland: analysis of packed and encrypted malware via paravirtualization extensions, Ph.D. thesis, University of Victoria, 2012.

Berdajs, J. and Bosnić, Z., “Extending applications using an advanced approach to DLL injection and API hooking,” Software: Practice and Experience, volume 40(7) pp. 567–584, 2010.

Bergroth, L., Hakonen, H., and Raita, T., “A survey of longest common subsequence algorithms,” in “String Processing and Information Retrieval, 2000. SPIRE 2000. Proceedings. Seventh International Symposium on,” pp. 39–48, IEEE, 2000.

Blunden, B., The Rootkit arsenal: Escape and evasion in the dark corners of the system, Jones & Bartlett Publishers, 2012.

Breitinger, F., Ziroff, G., Lange, S., and Baier, H., “Similarity Hashing Based on Levenshtein Distances,” in “IFIP International Conference on Digital Forensics,” pp. 133–147, Springer, 2014.

Brosch, T. and Morgenstern, M., “Runtime packers: The hidden problem,” Black Hat USA, 2006.

Catalyurek, U., Ferreira, R., Kurc, T., Saltz, J., and Stahlberg, E., “Improving performance of multiple sequence alignment analysis in multi-client environments,” in “ipdps,” p. 0183b, IEEE, 2002.

Chiras, D. D. et al., Human biology, Jones & Bartlett Publishers, 2013.

Cho, I. K., Kim, T., Shim, Y. J., Park, H., Choi, B., and Im, E. G., “Malware Similarity Analysis using API Sequence Alignments.” J. Internet Serv. Inf. Secur., volume 4(4) pp. 103–114, 2014.

Christensson, P., “Malware Definition,” 2015, URL https://techterms.com/definition/malware.

Christodorescu, M. and Jha, S., “Static Analysis of Executables to Detect Malicious Patterns,” in “USENIX Security Symposium,” 2003.

Cresci, S., Di Pietro, R., Petrocchi, M., Spognardi, A., and Tesconi, M., “DNA-inspired online behavioral modeling and its application to spambot detection,” IEEE Intelligent Systems, volume 31(5) pp. 58–64, 2016.

de Carvalho Junior, S. A., “Sequence alignment algorithms,” King’s College London, London, 2003.

Devi, D. and Nandi, S., “Pe file features in detection of packed executables,” International Journal of Computer Theory and Engineering, volume 4(3) p. 476, 2012.

Dinaburg, A., Royal, P., Sharif, M., and Lee, W., “Ether: malware analysis via hardware virtualization extensions,” in “Proceedings of the 15th ACM conference on Computer and communications security,” pp. 51–62, ACM, 2008.

Dolan-Gavitt, B. F., Hodosh, J., Hulin, P., Leek, T., and Whelan, R., “Repeatable reverse engineering for the greater good with panda,” 2014.

Drew, J., Hahsler, M., and Moore, T., “Polymorphic malware detection using sequence classification methods and ensembles,” EURASIP Journal on Information Security, volume 2017(1) p. 2, 2017.

Edgar, R. C., “MUSCLE: multiple sequence alignment with high accuracy and high throughput,” Nucleic acids research, volume 32(5) pp. 1792–1797, 2004.

Egele, M., Scholte, T., Kirda, E., and Kruegel, C., “A survey on automated dynamic malware-analysis techniques and tools,” ACM computing surveys (CSUR), volume 44(2) p. 6, 2012.

Elisan, C., Advanced Malware Analysis, McGraw-Hill Education, 2015, URL https://books.google.co.id/books?id=17SUAwAAQBAJ.

Fog, A., “Instruction tables: Lists of instruction latencies, throughputs and micro-operation breakdowns for Intel, AMD and VIA CPUs,” Copenhagen University College of Engineering, 2011.

Fog, A., “The microarchitecture of Intel, AMD and VIA CPUs/An optimization guide for assembly programmers and compiler makers,” 2012.

FSG, “FSG 2.0, F[ast] S[mall] G[ood] perfect compressor for executable files,” 2017, URL http://www.downloadpcsoft.com/Windows/Development/Other/FSG_24767.html, (Date last accessed 1 March 2017).

Guo, F., Ferrie, P., and Chiueh, T.-C., “A study of the packer problem and its solutions,” in “Recent Advances in Intrusion Detection,” pp. 98–115, Springer, 2008.

Gusfield, D., Algorithms on strings, trees and sequences: computer science and computational biology, Cambridge university press, 1997.

Hazelwood, K., “Dynamic binary modification: Tools, techniques, and applications,” Synthesis Lectures on Computer Architecture, volume 6(2) pp. 1–81, 2011.

Jacob, G., Comparetti, P. M., Neugschwandtner, M., Kruegel, C., and Vigna, G., “A static, packer-agnostic filter to detect similar malware samples,” in “International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment,” pp. 102–122, Springer, 2012.

Jadhav, A., Vidyarthi, D., and Hemavathy, M., “Evolution of evasive malwares: A survey,” in “Computational Techniques in Information and Communication Technologies (ICCTICT), 2016 International Conference on,” pp. 641–646, IEEE, 2016.

Jordan, M., “Dealing with metamorphism,” Virus Bulletin, volume 1(10) pp. 4–6, 2002.

Kang, B., Kim, T., Kwon, H., Choi, Y., and Im, E. G., “Malware classification method via binary content comparison,” in “Proceedings of the 2012 ACM Research in Applied Computation Symposium,” pp. 316–321, ACM, 2012.

Kotualubun, Y. S., Hidden-Code Extraction From Packed Malware Using Memory Base Dynamic Analysis, Master’s thesis, Swiss German University, Indonesia, 2017.

Landage, J. and Wankhade, M., “Malware and malware detection techniques: A survey,” International Journal of Engineering Research and Technology (IJERT), volume 2(12) pp. 2278–0181, 2013.

Larkin, M. A., Blackshields, G., Brown, N., Chenna, R., McGettigan, P. A., McWilliam, H., Valentin, F., Wallace, I. M., Wilm, A., Lopez, R. et al., “Clustal W and Clustal X version 2.0,” bioinformatics, volume 23(21) pp. 2947–2948, 2007.

Lengyel, T. K., Maresca, S., Payne, B. D., Webster, G. D., Vogl, S., and Kiayias, A., “Scalability, fidelity and stealth in the DRAKVUF dynamic malware analysis system,” in “Proceedings of the 30th Annual Computer Security Applications Conference,” pp. 386–395, ACM, 2014.

Leong, J., “Automated static analysis of virtual-machine packers,” 2013.

Li, X., Loh, P. K., and Tan, F., “Mechanisms of polymorphic and metamorphic viruses,” in “Intelligence and Security Informatics Conference (EISIC), 2011 European,” pp. 149–154, IEEE, 2011, URL http://dx.doi.org/10.1109/EISIC.2011.77.

Ligh, M., Adair, S., Hartstein, B., and Richard, M., Malware analyst’s cookbook and DVD: tools and techniques for fighting malicious code, Wiley Publishing, 2010.

Lim, C., Kotualubun, Y. S., Ramli, K. et al., “Mal-Xtract: Hidden Code Extraction using Memory Analysis,” in “Journal of Physics: Conference Series,” volume 801, p. 012058, IOP Publishing, 2017.

Lim, C., Sulistyan, D. Y., Ramli, K. et al., “Experiences in Instrumented Binary Analysis for Malware,” Advanced Science Letters, volume 21(10) pp. 3333–3336, 2015, URL https://doi.org/10.1166/asl.2015.6487.

Lyda, R. and Hamrock, J., “Using entropy analysis to find encrypted and packed malware,” IEEE Security & Privacy, volume 5(2), 2007.

Mew, “MEW,” 2017, URL http://www.softpedia.com/get/Programming/Packers-Crypters-Protectors/MEW-SE.shtml, (Date last accessed 1 March 2017).

Miller, C., Glendowne, D., Cook, H., Thomas, D., Lanclos, C., and Pape, P., “Insights gained from constructing a large scale dynamic analysis platform,” Digital Investigation, volume 22 pp. S48–S56, 2017.

Milošević, N., “History of malware,” arXiv preprint arXiv:1302.5392, 2013.

Molebox, “Molebox, a free executable compression and encryptor,” 2017, URL https://molebox.en.softonic.com, (Date last accessed 1 March 2017).

Moser, A., Kruegel, C., and Kirda, E., “Limits of static analysis for malware detection,” in “Computer security applications conference, 2007. ACSAC 2007. Twenty-third annual,” pp. 421–430, IEEE, 2007.

Mousa, H. M., “DNA-Genetic Encryption Technique,” International Journal of Computer Network