A static heuristic approach to detecting malware targets

Authors: Zakeri Mohaddeseh; Daneshgar Fatemeh Faraji; Abbaspour Maghsoud*
Source: Security and Communication Networks, 2015, 8(17): 3015-3027.
DOI: 10.1002/sec.1228

Abstract

Nowadays malware writers usually employ several obfuscation techniques to evade detection, and the number of variants detected each day has been increasing significantly. Unfortunately, traditional detection approaches such as signature scanning are becoming inefficient at detecting such malware. Research shows that these obfuscations introduce anomalies into Portable Executable files. In this paper, by focusing on important static heuristic features and fuzzy classification algorithms, we attempt to detect malware and packed files. In addition, we use preprocessing to avoid anomaly exceptions in benign files, which improved our detection results. The experimental results, using over 63,000 file samples, indicate that the proposed detector achieves high detection rates with low false positive and false negative rates. Furthermore, our experimental results on new malware samples that had gone undetected by antivirus products for many years, and on new custom packers, show that our system also works well with new and unknown samples.

  • Publication date: 2015-11-25