It is the 4th of November and I have only received criticism from good old Dr. m0rph for half of my thesis (thank you <3).
Although I sent it to probably five people, I got nothing else. I am a bit disappointed. I didn't expect anyone to read the whole thesis, but after trusting you with my unfinished work, I expected at least a few pages.
I now have an abstract and a conclusion, which both really need to sound great, because they are usually read first.
If there is anyone willing to proofread it this week, hit me up. The conclusion is only three pages.
The abstract is no secret, so I am just going to post it here:
The Portable Executable (PE) format is an architecture-independent file format for 32- and 64-bit Windows operating systems. PE format related properties that violate conventions or the specification are called PE malformations. They can cause problems for any program that parses PE files, among others, crashes, refusal to read the file, extracting and displaying wrong information, and inability to parse certain structures. Malware authors use PE malformations to avoid or prolong malware analysis and evade detection by antivirus scanners.
This master's thesis analyses PE malformations and presents robust PE parsing algorithms. A static analysis library for PE files named PortEx serves as an example. The library is hardened successfully against 103275 PE malware samples and a collection of 269 malformed proof-of-concept files. PortEx is also used to extract statistical information about malicious and non-malicious files, including anomalies in the PE format. The author identifies 26 anomalies as possibly new properties for heuristic analysis.