Entry Point byte frequency
| Main Author: | |
|---|---|
| Published: | 2025 |
| Subjects: | |
| Tags: | |
| Summary: | [Entry Point byte frequency](https://github.com/Gagniuc/Antivirus-Engines). This bar chart represents the most frequently occurring byte values at each position across multiple PE files from a selected directory. A) Each bar corresponds to one of the first 200 positions (only 60 are shown here) in the PE entry point, and the height of the bar indicates the highest frequency encountered at that specific position. The hexadecimal representation of the byte value is annotated above each bar. B) A zoom into the chart shows the first positions from the entry point more closely (the blue rectangles mark the regional correspondence between panel A and panel B). The data provides insights into potential patterns or commonalities in the PE entry point across the sampled files. A simple look at the chart shows clear pattern delimitations. Moreover, infected files will show very high frequencies for the positions they modify in order to make the infection functional. This is how the method discriminates between an infected file and a clean one: it points out the positional frequency differences. The method is highly useful when security researchers formulate hexadecimal signatures, since it shows where the virus made its changes. |
|---|---|

**References**

Paul A. Gagniuc. [*Antivirus Engines: From Methods to Innovations and Applications*](https://shop.elsevier.com/books/antivirus-engines/gagniuc/978-0-443-32952-4), Elsevier, Syngress, 2024, pp. 1-656.
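The summary describes the method in words only; the following is an added example written for this record (not code from the Antivirus-Engines repository or the book) that locates the entry point of each PE file in a directory, collects the first N bytes there, and reports the most frequent byte value and its count at every position. It assumes the standard PE header layout (`e_lfanew` at 0x3C, `AddressOfEntryPoint` at optional-header offset 16, 40-byte section headers); `build_test_pe` constructs a minimal synthetic PE32 image so the script runs without real samples.

```python
import struct
from collections import Counter
from pathlib import Path

def entry_point_bytes(data: bytes, n: int = 200) -> bytes:
    """First n raw file bytes at the PE entry point, or b'' if data is not a parsable PE image."""
    try:
        if data[:2] != b"MZ":
            return b""
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)            # e_lfanew -> "PE\0\0"
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            return b""
        n_sections, opt_size = struct.unpack_from("<H12xH", data, pe_off + 6)
        (ep_rva,) = struct.unpack_from("<I", data, pe_off + 40)     # AddressOfEntryPoint (PE32 and PE32+)
        sec_tbl = pe_off + 24 + opt_size
        for i in range(n_sections):                                 # map the RVA to a raw file offset
            vsize, vaddr, rawsize, rawptr = struct.unpack_from("<4I", data, sec_tbl + 40 * i + 8)
            if vaddr <= ep_rva < vaddr + max(vsize, rawsize):
                return data[ep_rva - vaddr + rawptr:][:n]
    except struct.error:                                            # truncated or corrupt header
        pass
    return b""

def positional_frequency(snippets, n_positions: int = 200):
    """Per position: (most frequent byte value, its count) over all snippets; (None, 0) if no file reaches it."""
    chart = []
    for pos in range(n_positions):
        column = Counter(s[pos] for s in snippets if len(s) > pos)
        chart.append(column.most_common(1)[0] if column else (None, 0))
    return chart

def scan_directory(path, n_positions: int = 200):
    """Build the chart over every parsable PE file in a directory; non-PE files are skipped."""
    snippets = [entry_point_bytes(p.read_bytes(), n_positions)
                for p in Path(path).iterdir() if p.is_file()]
    return positional_frequency([s for s in snippets if s], n_positions)

def build_test_pe(code: bytes) -> bytes:
    """Constructed minimal PE32 image (sample data, not from the page): one section, `code` at the entry point."""
    pe_off, opt_size, raw_ptr, vaddr = 0x40, 0xE0, 0x200, 0x1000
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", pe_off)
    coff = b"PE\0\0" + struct.pack("<HH12xHH", 0x14C, 1, opt_size, 0x102)
    opt = struct.pack("<H14xI", 0x10B, vaddr) + b"\0" * (opt_size - 20)
    sec = b".text".ljust(8, b"\0") + struct.pack("<4I", len(code), vaddr, len(code), raw_ptr) + b"\0" * 16
    return (dos + coff + opt + sec).ljust(raw_ptr, b"\0") + code
if __name__ == "__main__":                                          # two constructed samples, first 6 positions
    sample = [build_test_pe(b"\x55\x8b\xec\x83\xec\x10"), build_test_pe(b"\x55\x8b\xec\x6a\x00")]
    for pos, (value, count) in enumerate(positional_frequency([entry_point_bytes(s) for s in sample], 6)):
        print(f"pos {pos:3d}: {'--' if value is None else format(value, '02X')} x{count}")
```

Running `scan_directory` over a clean corpus and again over the same corpus after an infection shows, as the summary states, the positions whose top count jumps, which is where a hexadecimal signature would be anchored.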