Mal-Flux: Rendering hidden code of packed binary executable
Digital Investigation (IF 2.860), Pub Date: 2019-01-21, DOI: 10.1016/j.diin.2019.01.004
Charles Lim, Suryadi, Kalamullah Ramli, Yohanes Syailendra Kotualubun

Binary packers are commonly used to protect the original code inside a binary executable from being detected as malicious by anti-malware software. Methods of unpacking packed binary executables have been studied extensively, and several unpacking approaches have been proposed. Some of these solutions depend on assumptions that may limit their effectiveness. Here, a new memory-analysis method, called Mal-Flux, is proposed to determine the end of the unpacking routine so that the hidden code can be extracted from the packed binary executable. Our experiments show that the method extracts hidden code from packed binary executables better than previous work.
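The abstract does not say which memory-analysis criterion Mal-Flux uses to decide that the unpacking routine has ended. The following is an added example, not code from the paper, that implements the generic written-then-executed heuristic on which most dynamic unpackers rest: an unpacking layer is considered finished the first time control transfers into bytes the program itself wrote earlier, and the written region containing that entry is what gets dumped. The `Event` trace format and the constructed two-layer trace are assumptions standing in for what a debugger, DBI tool or emulator would record.

```python
"""Written-then-executed detection of the end of an unpacking routine.

Added example, not code from the Mal-Flux paper: it implements the generic
heuristic that an unpacking layer has finished when control first transfers
into bytes the program itself wrote earlier. The trace format (Event objects)
is an assumption standing in for what a debugger, DBI tool or emulator would
record.
"""
from dataclasses import dataclass
from typing import FrozenSet, List, Set, Tuple


@dataclass(frozen=True)
class Event:
    kind: str   # "W": memory write, "X": instruction fetched at addr
    addr: int
    size: int = 1


@dataclass(frozen=True)
class Layer:
    trace_index: int          # position in the trace of the execute-after-write
    entry: int                # address control transferred to (OEP candidate)
    written: FrozenSet[int]   # every byte written before that transfer


def find_unpacking_layers(trace: List[Event]) -> List[Layer]:
    """Report every transfer of control into self-written memory.

    Multi-layer packers produce one Layer per stage; the written set is
    reset after each hit so the next stage is judged only on its own writes.
    Byte granularity avoids the false positives that page-granular tracking
    gives when an unpacker writes data next to code it then executes.
    """
    written: Set[int] = set()
    layers: List[Layer] = []
    for i, ev in enumerate(trace):
        if ev.kind == "W":
            written.update(range(ev.addr, ev.addr + ev.size))
        elif ev.kind == "X" and any(a in written for a in range(ev.addr, ev.addr + ev.size)):
            layers.append(Layer(i, ev.addr, frozenset(written)))
            written = set()
    return layers


def end_of_unpacking(trace: List[Event]) -> int:
    """Entry of the last layer: where the fully unpacked code starts running."""
    layers = find_unpacking_layers(trace)
    if not layers:
        raise ValueError("no transfer into self-written memory observed")
    return layers[-1].entry


def contiguous_regions(addrs: FrozenSet[int]) -> List[Tuple[int, int]]:
    """Merge a set of written byte addresses into sorted [start, end) ranges."""
    regions: List[Tuple[int, int]] = []
    for a in sorted(addrs):
        if regions and regions[-1][1] == a:
            regions[-1] = (regions[-1][0], a + 1)
        else:
            regions.append((a, a + 1))
    return regions


def hidden_code_region(layer: Layer) -> Tuple[int, int]:
    """The written range that contains the layer's entry: the bytes to dump."""
    for start, end in contiguous_regions(layer.written):
        if start <= layer.entry < end:
            return (start, end)
    raise ValueError("entry not inside a written region")


def _writes(base: int, total: int, chunk: int) -> List[Event]:
    """Helper for the constructed trace: `total` bytes written in `chunk` pieces."""
    return [Event("W", base + off, chunk) for off in range(0, total, chunk)]


# Constructed trace (not a real packer): a stub at 0x401000 decrypts 256 bytes
# to 0x402000 (also spilling a stack value at 0x600000 that is never executed)
# and jumps there; that stage then unpacks 512 bytes to 0x403000 and jumps again.
SAMPLE_TRACE: List[Event] = (
    [Event("X", 0x401000, 5), Event("W", 0x600000, 8)]
    + _writes(0x402000, 0x100, 16)
    + [Event("X", 0x401005, 2), Event("X", 0x402000, 3)]   # transfer into layer 1
    + _writes(0x403000, 0x200, 16)
    + [Event("X", 0x403000, 1)]                            # transfer into layer 2
)

if __name__ == "__main__":
    for n, layer in enumerate(find_unpacking_layers(SAMPLE_TRACE), 1):
        s, e = hidden_code_region(layer)
        print(f"layer {n}: entry 0x{layer.entry:x}, dump 0x{s:x}-0x{e:x}")
    print(f"end of unpacking: 0x{end_of_unpacking(SAMPLE_TRACE):x}")
```

The heuristic is exactly the kind of assumption the abstract warns can limit effectiveness: a packer that executes code in place after patching a few bytes, or that never writes the payload into memory that it later executes (e.g. an emulator-style packer), produces no transition and `end_of_unpacking` raises. Taking the last transition rather than the first is what handles multi-layer packers, at the cost of never knowing in advance whether another layer is still to come.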

Updated: 2019-01-21