Analysing packed and encrypted malware using binary analysis

Authors

  • Disina, A. H. Cyber Security Department, Nigerian Army University Biu, Borno State, Nigeria
  • Adamu, A. Cyber Security Department, Nigerian Army University Biu, Borno State, Nigeria
  • Mohammad, N. Department of Electronics and Telecommunication Engineering, Airforce Institute of Technology, Kaduna State, Nigeria
  • Gangkwi, B. J. Cyber Security Department, Nigerian Army University Biu, Borno State, Nigeria
  • Yunusa, A. A. Computer Science Department, Nigerian Army University Biu, Borno State, Nigeria

Keywords:

Binary analysis, Malware detection, Opcode profiling, Static analysis

Abstract

The increasing use of packing and encryption in malware poses a major challenge to traditional signature-based antivirus systems. This study presents a lightweight static analysis framework for detecting executables that employ evasion strategies such as packing and encryption. The methodology integrates entropy measurement, section header analysis, opcode frequency profiling, and import table inspection to identify concealed malicious behaviour without executing the sample. The system was implemented in Python using PEfile, Capstone, Tkinter, and Matplotlib. Testing with benign, packed, and encrypted executables demonstrated effective differentiation between normal and obfuscated binaries, with an overall detection accuracy of 91.7%. The proposed system provides a transparent and resource-efficient solution suitable for academic environments, malware research, and preliminary digital forensic investigations. By flagging packed and encrypted samples before deeper analysis, the framework is intended to reduce the threat that such malware poses to defenders.
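The abstract names entropy measurement and section header analysis as two of the four static indicators. The following is an added example, not the authors' code: it parses the PE section table with the standard library alone (no PEfile or Capstone), computes Shannon entropy per section and applies section-header heuristics. The 7.0-bit threshold, the packer section-name list and the verdict rule are assumptions chosen for the example, and the input is a constructed PE32 image that imitates a UPX-style layout, not a real binary. Opcode profiling and import-table inspection are not shown.

```python
import math
import random
import struct
from collections import Counter
from dataclasses import dataclass, field

# Section characteristic flags from the PE/COFF specification.
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

# Heuristic parameters: threshold and packer names are assumptions for this example.
ENTROPY_THRESHOLD = 7.0
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".petite", ".vmp0", ".vmp1"}

HIGH_ENTROPY = "high entropy"
WRITE_EXEC = "writable and executable"
PACKER_NAME = "packer section name"
EMPTY_ON_DISK = "empty on disk, allocated at runtime"


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or constant input, 8.0 maximum."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


@dataclass
class SectionInfo:
    name: str
    virtual_size: int
    raw_size: int
    raw_offset: int
    characteristics: int
    entropy: float
    findings: list = field(default_factory=list)


def analyze_pe(pe: bytes) -> list:
    """Walk the section table and attach packing indicators to each section."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        # IMAGE_SECTION_HEADER (40 bytes): Name, VirtualSize, VirtualAddress, SizeOfRawData,
        # PointerToRawData, relocation/linenumber fields, Characteristics
        name, vsize, _vaddr, rsize, roff, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", pe, table + 40 * i)
        raw = pe[roff:roff + rsize] if rsize else b""
        info = SectionInfo(name.rstrip(b"\0").decode("ascii", "replace"),
                           vsize, rsize, roff, chars, shannon_entropy(raw))
        if info.entropy >= ENTROPY_THRESHOLD:
            info.findings.append(HIGH_ENTROPY)
        if chars & IMAGE_SCN_MEM_WRITE and chars & IMAGE_SCN_MEM_EXECUTE:
            info.findings.append(WRITE_EXEC)
        if info.name in PACKER_SECTION_NAMES:
            info.findings.append(PACKER_NAME)
        if rsize == 0 and vsize > 0:
            info.findings.append(EMPTY_ON_DISK)
        sections.append(info)
    return sections


def is_probably_packed(sections: list) -> bool:
    """Verdict rule (assumption): high entropy or a packer name is enough on its own;
    an empty-on-disk section that is also W+X (an unpacking target) also counts."""
    for s in sections:
        if HIGH_ENTROPY in s.findings or PACKER_NAME in s.findings:
            return True
        if EMPTY_ON_DISK in s.findings and WRITE_EXEC in s.findings:
            return True
    return False


def _section_header(name: str, vsize: int, vaddr: int, rsize: int, roff: int, chars: int) -> bytes:
    return struct.pack("<8sIIIIIIHHI", name.encode("ascii"), vsize, vaddr, rsize, roff, 0, 0, 0, 0, chars)


def build_sample_pe() -> bytes:
    """Constructed PE32 image with a UPX-like layout; headers are minimal and it is not runnable."""
    rng = random.Random(1)
    pattern = bytes([0x55, 0x8B, 0xEC, 0x90, 0xC3])          # repetitive stub code: few byte values
    text = (pattern * (0x200 // len(pattern) + 1))[:0x200]
    packed = bytes(rng.getrandbits(8) for _ in range(0x400))   # pseudo-random bytes stand in for packed code
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew
    opt_size = 224                                             # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic; remainder left zeroed
    rx = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt)
               + _section_header(".text", 0x200, 0x1000, 0x200, 0x200, rx)
               + _section_header("UPX0", 0x10000, 0x2000, 0, 0,
                                 IMAGE_SCN_CNT_UNINITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE
                                 | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)
               + _section_header("UPX1", 0x400, 0x12000, 0x400, 0x400, rx | IMAGE_SCN_MEM_WRITE))
    return headers.ljust(0x200, b"\0") + text + packed


if __name__ == "__main__":
    secs = analyze_pe(build_sample_pe())
    for s in secs:
        print(f"{s.name:<8} raw=0x{s.raw_size:<5x} entropy={s.entropy:.2f}  {', '.join(s.findings) or '-'}")
    print("verdict:", "probably packed" if is_probably_packed(secs) else "no packing indicators")
```

High entropy alone is a weak signal in practice: installers, executables with embedded compressed resources or certificates, and .NET assemblies with large resource blobs also produce sections above 7 bits per byte, which is why the abstract's pipeline combines entropy with section-header, opcode and import-table evidence rather than relying on any one indicator.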

Published

2026-01-31