Workflow of a PWM malware scanner analyzing an executable file
<p dir="ltr"><a href="https://github.com/Gagniuc/Antivirus-Engines" rel="noreferrer" target="_blank">Workflow of a PWM malware scanner analyzing an executable file</a>. The diagram illustrates the process used to evaluate the suspiciousness o...
Saved in:
| Main Author: | |
|---|---|
| Published: |
2025
|
| Subjects: | |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1852017338914701312 |
|---|---|
| author | Paul A. Gagniuc (1818325) |
| author_facet | Paul A. Gagniuc (1818325) |
| author_role | author |
| dc.creator.none.fl_str_mv | Paul A. Gagniuc (1818325) |
| dc.date.none.fl_str_mv | 2025-08-23T14:52:50Z |
| dc.identifier.none.fl_str_mv | 10.6084/m9.figshare.29963897.v2 |
| dc.relation.none.fl_str_mv | https://figshare.com/articles/figure/_b_Workflow_of_a_PWM_malware_scanner_analyzing_an_executable_file_b_/29963897 |
| dc.rights.none.fl_str_mv | CC BY 4.0 info:eu-repo/semantics/openAccess |
| dc.subject.none.fl_str_mv | Cryptography Data and information privacy Data security and protection Digital forensics Hardware security Software and application security System and network security Data engineering and data science Data models, storage and indexing Data quality Software architecture Data structures and algorithms Computational statistics Probability theory Statistical data science antivirus detection PWM file executable position weight matrix byte section values |
| dc.title.none.fl_str_mv | Workflow of a PWM malware scanner analyzing an executable file |
| dc.type.none.fl_str_mv | Image Figure info:eu-repo/semantics/publishedVersion image |
| description | <p dir="ltr"><a href="https://github.com/Gagniuc/Antivirus-Engines" rel="noreferrer" target="_blank">Workflow of a PWM malware scanner analyzing an executable file</a>. The diagram illustrates the process used to evaluate the suspiciousness of an executable file (file.exe). (A) Portion of the file containing executable code (.text Section), located within the initial part of the file. (B) A specific region within the .text section, representing the first 200 bytes starting from the entry point of the code. (C) Depiction of the 200-byte region in hexadecimal format. (D) A 256x200 matrix called the Position Weight Matrix (PWM), is used to evaluate the hexadecimal string, with rows corresponding to possible byte values and columns representing positions within the 200-byte region. (E) A numerical score calculated using the PWM, representing the result of the scan that provides a quantitative assessment of the potential maliciousness of the file. This comprehensive representation integrates various components of the scanning process, elucidating the method behind the evaluation of executable files for potential threats.</p><p dir="ltr"><b>References</b></p><p dir="ltr">Paul A. Gagniuc.<i> </i><a href="https://shop.elsevier.com/books/antivirus-engines/gagniuc/978-0-443-32952-4" rel="noreferrer" target="_blank"><i>Antivirus Engines: From Methods to Innovations and Applications</i></a><i>,</i><i> </i>Elsevier, Syngress, 2024, pp. 1-656.</p> |
| eu_rights_str_mv | openAccess |
| id | Manara_e1f249adaedf51d4ea86a271f487c4e9 |
| identifier_str_mv | 10.6084/m9.figshare.29963897.v2 |
| network_acronym_str | Manara |
| network_name_str | ManaraRepo |
| oai_identifier_str | oai:figshare.com:article/29963897 |
| publishDate | 2025 |
| repository.mail.fl_str_mv | |
| repository.name.fl_str_mv | |
| repository_id_str | |
| rights_invalid_str_mv | CC BY 4.0 |
| spelling | Workflow of a PWM malware scanner analyzing an executable filePaul A. Gagniuc (1818325)CryptographyData and information privacyData security and protectionDigital forensicsHardware securitySoftware and application securitySystem and network securityData engineering and data scienceData models, storage and indexingData qualitySoftware architectureData structures and algorithmsComputational statisticsProbability theoryStatistical data scienceantivirusdetectionPWMfileexecutablepositionweightmatrixbytesectionvalues<p dir="ltr"><a href="https://github.com/Gagniuc/Antivirus-Engines" rel="noreferrer" target="_blank">Workflow of a PWM malware scanner analyzing an executable file</a>. The diagram illustrates the process used to evaluate the suspiciousness of an executable file (file.exe). (A) Portion of the file containing executable code (.text Section), located within the initial part of the file. (B) A specific region within the .text section, representing the first 200 bytes starting from the entry point of the code. (C) Depiction of the 200-byte region in hexadecimal format. (D) A 256x200 matrix called the Position Weight Matrix (PWM), is used to evaluate the hexadecimal string, with rows corresponding to possible byte values and columns representing positions within the 200-byte region. (E) A numerical score calculated using the PWM, representing the result of the scan that provides a quantitative assessment of the potential maliciousness of the file. This comprehensive representation integrates various components of the scanning process, elucidating the method behind the evaluation of executable files for potential threats.</p><p dir="ltr"><b>References</b></p><p dir="ltr">Paul A. Gagniuc.<i> </i><a href="https://shop.elsevier.com/books/antivirus-engines/gagniuc/978-0-443-32952-4" rel="noreferrer" target="_blank"><i>Antivirus Engines: From Methods to Innovations and Applications</i></a><i>,</i><i> </i>Elsevier, Syngress, 2024, pp. 1-656.</p>2025-08-23T14:52:50ZImageFigureinfo:eu-repo/semantics/publishedVersionimage10.6084/m9.figshare.29963897.v2https://figshare.com/articles/figure/_b_Workflow_of_a_PWM_malware_scanner_analyzing_an_executable_file_b_/29963897CC BY 4.0info:eu-repo/semantics/openAccessoai:figshare.com:article/299638972025-08-23T14:52:50Z |
| spellingShingle | Workflow of a PWM malware scanner analyzing an executable file Paul A. Gagniuc (1818325) Cryptography Data and information privacy Data security and protection Digital forensics Hardware security Software and application security System and network security Data engineering and data science Data models, storage and indexing Data quality Software architecture Data structures and algorithms Computational statistics Probability theory Statistical data science antivirus detection PWM file executable position weight matrix byte section values |
| status_str | publishedVersion |
| title | Workflow of a PWM malware scanner analyzing an executable file |
| title_full | Workflow of a PWM malware scanner analyzing an executable file |
| title_fullStr | Workflow of a PWM malware scanner analyzing an executable file |
| title_full_unstemmed | Workflow of a PWM malware scanner analyzing an executable file |
| title_short | Workflow of a PWM malware scanner analyzing an executable file |
| title_sort | Workflow of a PWM malware scanner analyzing an executable file |
| topic | Cryptography Data and information privacy Data security and protection Digital forensics Hardware security Software and application security System and network security Data engineering and data science Data models, storage and indexing Data quality Software architecture Data structures and algorithms Computational statistics Probability theory Statistical data science antivirus detection PWM file executable position weight matrix byte section values |