PE-Header-Based Malware Study and Detection
In this paper, the authors present a simple and fast approach to distinguishing malware from legitimate .exe files by looking only at properties of the MS Windows Portable Executable (PE) headers. They extract distinguishing features from the PE headers using the structural information that the Microsoft Windows operating system standardizes for executables. The authors use the following three methods: collect a large dataset of malware .exe and legitimate .exe files from two websites, www.downloads.com and www.softpedia.com, using a Web-Spider; use a PE-Header-Parser to extract the features of each header field, then compare them to find the most significant differences between malware and legitimate .exe files; and use an Icon-Extractor to extract the icons from the PE files and find the most prevalent icons among the malware .exe files.
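The header-field extraction step described above, as an added example that is not the paper's PE-Header-Parser. The selection of fields, the function names `parse_pe_header` and `build_sample`, and the sample bytes are assumptions constructed for illustration.

```python
import struct

def parse_pe_header(data: bytes) -> dict:
    """Return selected PE header fields as a flat feature dict."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing or out-of-range PE signature")
    # COFF file header: 20 bytes right after the 4-byte signature.
    machine, nsect, stamp, _, _, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    feats = {"Machine": machine, "NumberOfSections": nsect,
             "TimeDateStamp": stamp, "Characteristics": chars}
    opt = e_lfanew + 24
    if opt_size < 72 or opt + opt_size > len(data):
        raise ValueError("optional header truncated")
    magic, major_link, minor_link = struct.unpack_from("<HBB", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    (entry,) = struct.unpack_from("<I", data, opt + 16)
    # Subsystem and DllCharacteristics sit at the same offsets in PE32 and PE32+.
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt + 68)
    feats.update({"Magic": magic, "MajorLinkerVersion": major_link,
                  "MinorLinkerVersion": minor_link, "AddressOfEntryPoint": entry,
                  "Subsystem": subsystem, "DllCharacteristics": dll_chars})
    # Section table: 40-byte entries directly after the optional header.
    names, table = [], opt + opt_size
    for i in range(nsect):
        off = table + 40 * i
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        names.append(data[off:off + 8].rstrip(b"\0").decode("latin-1"))
    feats["SectionNames"] = names
    return feats

def build_sample() -> bytes:
    """Constructed PE32 header bytes for the demo (not a real program)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0x5F000000, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<HBB", opt, 0, 0x10B, 14, 0)
    struct.pack_into("<I", opt, 16, 0x1000)
    struct.pack_into("<HH", opt, 68, 3, 0x8140)
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200,
                       0x200, 0, 0, 0, 0, 0x60000020)
    return dos + b"PE\0\0" + coff + bytes(opt) + sect

if __name__ == "__main__":
    for name, value in parse_pe_header(build_sample()).items():
        print(f"{name}: {value}")
```

The bounds checks matter when parsing untrusted samples: malformed files often carry an `e_lfanew` or section count that points past the end of the file.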