
Computer Engineering ›› 2012, Vol. 38 ›› Issue (12): 118-121. doi: 10.3969/j.issn.1000-3428.2012.12.035

• Security Technology •

An Automatic Anti-Antivirus (Free-antivirus) Strategy for PE Files Based on Characteristic Codes

吴伟民,范炜锋,王志月,李晓峰,黄健炜   

  1. (Faculty of Computer, Guangdong University of Technology, Guangzhou 510006, China)
  • Received: 2011-08-01 Online: 2012-06-20 Published: 2012-06-20
  • Author biography: WU Wei-min (born 1956), male, professor; main research interests: software security, data structures and algorithms, visual computing. FAN Wei-feng and WANG Zhi-yue, master's students; LI Xiao-feng and HUANG Jian-wei, undergraduate students.

PE File Auto Free-antivirus Strategy Based on Characteristic Code

WU Wei-min, FAN Wei-feng, WANG Zhi-yue, LI Xiao-feng, HUANG Jian-wei   

  1. (Faculty of Computer, Guangdong University of Technology, Guangzhou 510006, China)
  • Received:2011-08-01 Online:2012-06-20 Published:2012-06-20

Abstract (translated from Chinese): A characteristic-code (signature) locating algorithm is designed that replaces the traditional block-by-block replacement method with a block-by-block recovery method, and on this basis an automatic anti-antivirus strategy that treats different PE sections differently is proposed. Combining this strategy with an improved multi-characteristic-code locating algorithm, and while preserving the original functionality of the modified software, the characteristic codes are removed and replaced automatically using equivalent code replacement, shifting of strings and import table function names, and related methods, so that the file is not identified as malware by antivirus software. Experimental results verify the effectiveness of the strategy.

Keywords (translated from Chinese): characteristic code, locating, anti-antivirus, PE file, equivalent code replacement, import table

Abstract: This paper designs a characteristic code locating algorithm that uses a block-by-block recovery method instead of the traditional block-by-block replacement method, and proposes an auto free-antivirus strategy that treats different PE sections differently. By combining the strategy with the improved multi-characteristic code locating algorithm, and under the premise of maintaining the original functionality of the modified software, it uses equivalent code replacement and shifting of strings and import table function names to automatically remove and replace the characteristic codes in an attempt to avoid detection by anti-virus software. Experimental results verify the effectiveness of the strategy.

Key words: characteristic code, locating, free-antivirus, PE file, equivalent code replacement, import table

CLC number: