Dec 13, 2016 18:00
7 yrs ago
English term

unpacked malicious code

English to French Tech/Engineering Computers (general)
Good evening,

How would you translate "unpacked malicious code", which appears in the following context?

The security solution operates at the user-space level, "addressing normal processes of the user applications and attacks, such as code injection, unpacked malicious code, exploits, function detouring."

Thanks in advance for your suggestions :)
References
what is packed malware?

Proposed translations

+1
56 mins
Selected

code malveillant [sous forme] déballé[e]

we don't know for sure if the malicious code was compressed or encrypted (more likely) / or both - "unpacked" would apply to both cases

compressed but unencrypted files can be read/scanned relatively easily - that will not hide the malicious code much.

--------------------------------------------------
Note added at 59 mins (2016-12-13 19:00:12 GMT)
--------------------------------------------------

....
"The malware generated by Tox is compiled in MinGW and uses AES encryption to encrypt client files via the Crypto++ library. Microsoft's CryptoAPI is used for key generation," McAfee explains. Experts have pointed out that several players in the market could draw inspiration from this sales model, and they expect the software developed to become increasingly sophisticated.

http://www.developpez.com/actu/85827/Comment-creer-votre-log...
Note from asker:
Thanks Daryo :)
Peer comment(s):

agree Chakib Roula
16 mins
Thanks!
4 KudoZ points awarded for this answer. Comment: "Thanks Daryo :)"
20 mins

code malveillant décompressé

Well, I was afraid they had used scrambling code, but no. ... someone had indeed posted decompressed code ("code décompressé") that matched what

--------------------------------------------------
Note added at 21 minutes (2016-12-13 18:22:02 GMT)
--------------------------------------------------

https://doc.ubuntu-fr.org/dpkg
Note from asker:
Thanks Gilou :)
Peer comment(s):

neutral Daryo : not quite - the hidden/unrecognisable form of the malicious code was more likely encrypted rather than compressed
20 mins

Reference comments

3 hrs
Reference:

what is packed malware?

packed or repacked malware is malware that has been modified using a runtime compression (or encryption) program...

runtime compression programs compress an executable file and prepend or *append a stub to the file containing the code to decompress it at runtime...

malware authors (or even just people deploying malware) use this functionality as a cheap and easy way to turn a known piece of malware into something 'new' that no one has ever seen before and that known-malware scanners can't detect... this is one of the many possible ways to implement the transformation function of server-side polymorphism...

although the malware is transformed in a manner similar to how conventional polymorphic viruses transformed themselves, the generic solution that worked so well for polymorphism doesn't necessarily work as well for packed malware because the size of today's malware combined with the potential to chain multiple packing transformations together makes the amount of work necessary to emulate the full unpacking operation much more expensive and time consuming in comparison... that said, dynamic translation promises speed improvements over conventional emulation so that generic unpacking may still be workable...
http://anti-virus-rants.blogspot.be/2008/06/what-is-packed-m...

--------------------------------------------------
Note added at 3 hrs (2016-12-13 21:29:56 GMT)
--------------------------------------------------

Packed malicious programs (malware) pose a significant problem in malware analysis, detection, and forensics. Such programs consist of a decompression or decryption routine that extracts the garbled payload from memory and then executes it. We use the term packed and its variations to refer to malware whose payload is either compressed or encrypted. This unpacking routine can be invoked once, in which case the whole payload is extracted to memory in a single step, or multiple times, when parts of the payload are extracted to memory at different times. For a security analyst, this means that the program has to be executed in a contained yet accurate environment before an analysis of the payload can be performed. For a malware detector, this means that the scanning for malicious code has to be postponed until after the start of execution, i.e., when the program has unpacked its payload.
OmniUnpack: Fast, Generic, and Safe Unpacking of Malware
https://wiki.smu.edu.sg/flyer/images/2/26/OmniUnpack.pdf
Note from asker:
Thanks FX for this information :)
Peer comments on this reference comment:

agree Daryo
11 hrs
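
The scanner's view of the packed/unpacked distinction described in the reference comment above, as an added example that is not part of the original thread or of either quoted source. It assumes zlib as a stand-in for a runtime packer and uses a constructed, harmless marker string in place of a real signature; all function names are hypothetical.

```python
import math
import random
import zlib

# Constructed, harmless marker standing in for a known-malware byte signature.
SIGNATURE = b"DEMO-KNOWN-BAD-PATTERN"
WORDS = [b"open", b"read", b"write", b"close", b"alloc", b"free", b"jump", b"call",
         b"push", b"pop", b"load", b"store", b"send", b"recv", b"loop", b"test"]

def build_sample(n_words=1500, seed=0):
    """Constructed stand-in for an unpacked program body carrying the marker."""
    rng = random.Random(seed)
    body = b" ".join(rng.choice(WORDS) for _ in range(n_words))
    return body + b" " + SIGNATURE

def signature_scan(data):
    """Known-malware scanner reduced to its core: a byte-pattern match."""
    return SIGNATURE in data

def entropy(data):
    """Shannon entropy in bits per byte; near 8 suggests compressed or encrypted data."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def pack(data, layers=1):
    """Stand-in for a runtime packer: zlib applied `layers` times (chained packing)."""
    for _ in range(layers):
        data = zlib.compress(data)
    return data

def unpack(data, max_layers=8):
    """Generic unpacking: peel zlib layers until the data no longer decompresses."""
    peeled = 0
    while peeled < max_layers:
        try:
            data = zlib.decompress(data)
        except zlib.error:
            break
        peeled += 1
    return data, peeled

if __name__ == "__main__":
    sample = build_sample()
    for layers in (0, 1, 3):
        blob = pack(sample, layers)
        plain, peeled = unpack(blob)
        print(layers, signature_scan(blob), round(entropy(blob), 2),
              peeled, signature_scan(plain))
```

The pattern match only succeeds on the unpacked form, which is why the term in the question refers to code after its compression or encryption layer has been removed; the entropy figure is the usual static hint that a blob is still packed.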