Entry Point byte frequency
[Entry Point byte frequency](https://github.com/Gagniuc/Antivirus-Engines). This bar chart represents the most frequently occurring byte values at each position across multiple PE files...
| Main Author: | |
|---|---|
| Published: | 2025 |
| _version_ | 1852017338847592448 |
|---|---|
| author | Paul A. Gagniuc (1818325) |
| author_facet | Paul A. Gagniuc (1818325) |
| author_role | author |
| dc.creator.none.fl_str_mv | Paul A. Gagniuc (1818325) |
| dc.date.none.fl_str_mv | 2025-08-23T16:24:46Z |
| dc.identifier.none.fl_str_mv | 10.6084/m9.figshare.29963879.v2 |
| dc.relation.none.fl_str_mv | https://figshare.com/articles/figure/_b_Entry_Point_byte_frequency_b_/29963879 |
| dc.rights.none.fl_str_mv | CC BY 4.0 info:eu-repo/semantics/openAccess |
| dc.subject.none.fl_str_mv | Cryptography; Data and information privacy; Data security and protection; Digital forensics; Hardware security; Software and application security; System and network security; Data engineering and data science; Data mining and knowledge discovery; Data models, storage and indexing; Data quality; Information extraction and fusion; Coding, information theory and compression; Data structures and algorithms; static detection methods; dynamic detection methods; signatures; malware; antivirus |
| dc.title.none.fl_str_mv | Entry Point byte frequency |
| dc.type.none.fl_str_mv | Image Figure info:eu-repo/semantics/publishedVersion image |
| description | [Entry Point byte frequency](https://github.com/Gagniuc/Antivirus-Engines). This bar chart shows the most frequently occurring byte value at each position across multiple PE files from a selected directory. A) Each bar corresponds to one of the first 200 positions (only 60 are shown here) in the PE entry point, and the height of the bar indicates the highest frequency encountered at that position. The hexadecimal representation of the byte value is annotated above each bar. B) A zoom into the chart shows the first positions from the entry point more closely (the blue rectangles mark the regional correspondence between panel A and panel B). The data provides insight into potential patterns or commonalities in the PE entry point across the sampled files. A simple look at the chart shows clear pattern delimitations. Moreover, infected files show very high frequencies at the positions they modify in order to make the infection functional. This is how the method discriminates between an infected file and a clean one: it points out the positional frequency differences. The method is highly useful when security researchers formulate hexadecimal signatures, helping them see where the virus made the changes. **References:** Paul A. Gagniuc. [*Antivirus Engines: From Methods to Innovations and Applications*](https://shop.elsevier.com/books/antivirus-engines/gagniuc/978-0-443-32952-4), Elsevier, Syngress, 2024, pp. 1-656. |
| eu_rights_str_mv | openAccess |
| id | Manara_f3c493316612bad9300a67a23de25906 |
| identifier_str_mv | 10.6084/m9.figshare.29963879.v2 |
| network_acronym_str | Manara |
| network_name_str | ManaraRepo |
| oai_identifier_str | oai:figshare.com:article/29963879 |
| publishDate | 2025 |
| repository.mail.fl_str_mv | |
| repository.name.fl_str_mv | |
| repository_id_str | |
| rights_invalid_str_mv | CC BY 4.0 |
| status_str | publishedVersion |
| title | Entry Point byte frequency |
| title_full | Entry Point byte frequency |
| title_fullStr | Entry Point byte frequency |
| title_full_unstemmed | Entry Point byte frequency |
| title_short | Entry Point byte frequency |
| title_sort | Entry Point byte frequency |
| topic | Cryptography; Data and information privacy; Data security and protection; Digital forensics; Hardware security; Software and application security; System and network security; Data engineering and data science; Data mining and knowledge discovery; Data models, storage and indexing; Data quality; Information extraction and fusion; Coding, information theory and compression; Data structures and algorithms; static detection methods; dynamic detection methods; signatures; malware; antivirus |