{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,11,3]],"date-time":"2025-11-03T13:39:53Z","timestamp":1762177193714},"reference-count":36,"publisher":"IGI Global","issue":"2","content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2019,4,1]]},"abstract":"<p>Malware is malicious software that can contaminate communication devices, where information can be lost, encrypting or deleting the sensitive data, altering or hijacking core computing activities and monitoring a user's computer activity without proper authorization. Analyzing the behavior of any new type of malware that threatens the security of information is a challenging task. Previous studies and research have used static and dynamic based analysis. Although there are various methods to analyze the behaviour of malware, the innovation of new technology leads to undesirable growth of malware. A procedure to analyze the characteristics and its nature is the need of the day. To mitigate this issue, malware specific procedures need to be evolved by analysing its behaviour. In this article, the authors present a heuristic-based malware static analysis testing (HMST) through a six step process including hash verification, PE structure analysis, packer signature analysis, entropy analysis, antivirus check and string analysis. Heuristic-based malware static analysis (MSA) depends on the six characteristics. The six characteristics sequence is quantified mathematically. Hash verification is presented as a dynamic function, PE structure analysis (PESA) as the functional string, Packer Signature (PS) by functional boundedness, Entropy Analysis (EA) with probability, antivirus check (AC) of the discrete logarithm-bit representation and string analysis (SA) lies with the computational complexity. Hence, an optimized string is proposed for transmitting securely. 
CFF Explorer, BinText, PeID, DIE and VirusTotal are used for analyzing the behavior of the samples in this study.<\/p>","DOI":"10.4018\/ijisp.2019040106","type":"journal-article","created":{"date-parts":[[2019,4,4]],"date-time":"2019-04-04T14:06:54Z","timestamp":1554386814000},"page":"86-103","source":"Crossref","is-referenced-by-count":4,"title":["A Mathematical Model of HMST Model on Malware Static Analysis"],"prefix":"10.4018","volume":"13","author":[{"given":"Satheesh","family":"Abimannan","sequence":"first","affiliation":[{"name":"VIT University, Vellore, India"}]},{"family":"Kumaravelu R.","sequence":"additional","affiliation":[{"name":"VIT University, Vellore, India"}]}],"member":"2432","reference":[{"key":"IJISP.2019040106-0","year":"2015","journal-title":"Alcatel-Lucent malware report shows significant rise in mobile infections via PCs and adware in first six months of 2015"},{"key":"IJISP.2019040106-1","unstructured":"Aldeid wiki. (n.d.). PEiD. Retrieved from https:\/\/www.aldeid.com\/wiki\/PEiD"},{"key":"IJISP.2019040106-2","doi-asserted-by":"crossref","unstructured":"Aman, W. (2014). A framework for analysis and comparison of dynamic malware analysis tools. International Journal of Network Security & Its Applications, 6(5).","DOI":"10.5121\/ijnsa.2014.6505"},{"key":"IJISP.2019040106-3","unstructured":"AV-Test. (n.d.). Malware statistics. Retrieved from https:\/\/www.av-test.org\/en\/statistics\/malware\/"},{"key":"IJISP.2019040106-4","first-page":"5","article-title":"Analyzing memory accesses in x86 executables.","author":"G.Balakrishnan","year":"2004","journal-title":"International conference on compiler construction"},{"key":"IJISP.2019040106-5","author":"U.Bayer","year":"2006","journal-title":"TTAnalyze: A tool for analyzing malware"},{"key":"IJISP.2019040106-6","unstructured":"Brumley, D., Hartwig, C., Kang, M. G., Liang, Z., Newsome, J., Poosankam, P., . . . Yin, H. (2007). Bitscope: Automatically dissecting malicious binaries. 
Carnegie Mellon University."},{"key":"IJISP.2019040106-7","unstructured":"Cade, C. (2015). Understanding Heuristic-based Scanning vs. Sandboxing. Retrieved from https:\/\/www.opswat.com\/blog\/understanding-heuristic-based-scanning-vs-sandboxing"},{"key":"IJISP.2019040106-8","article-title":"Static analysis of executables to detect malicious patterns.","author":"M.Christodorescu","year":"2003","journal-title":"Proceedings of the Usenix Security"},{"key":"IJISP.2019040106-9","article-title":"Semantics-aware malware detection.","author":"M.Christodorescu","year":"2005","journal-title":"Proceedings of the IEEE Symposium on Security and Privacy"},{"key":"IJISP.2019040106-10","unstructured":"Collberg, C., Thomborson, C., & Low, D. (1997). A taxonomy of obfuscating transformations. The University of Auckland."},{"key":"IJISP.2019040106-11","doi-asserted-by":"publisher","DOI":"10.1145\/268946.268962"},{"key":"IJISP.2019040106-12","doi-asserted-by":"publisher","DOI":"10.3233\/ICA-160518"},{"key":"IJISP.2019040106-13","unstructured":"Dell Computers. (n.d.). Math vs. Malware. Retrieved from https:\/\/www.dell.com\/learn\/us\/en\/555\/shared-content~data-sheets~en\/documents~math-vs-malware-whitepaper-v1.pdf"},{"key":"IJISP.2019040106-14","author":"E.Eilam","year":"2005","journal-title":"Reversing: Secrets of Reverse Engineering"},{"key":"IJISP.2019040106-15","unstructured":"Github. (n.d.). Entropy analysis tools. Retrieved from https:\/\/github.com\/ulikoehler\/entropy-analysis-tools"},{"key":"IJISP.2019040106-16","author":"A.Honig","year":"2012","journal-title":"Practical Malware Analysis. 
The Hands-On Guide to Dissecting Malicious Software"},{"key":"IJISP.2019040106-17","article-title":"Behavior-based spyware detection.","author":"E.Kirda","year":"2006","journal-title":"Proceedings of the Usenix Security Symposium"},{"key":"IJISP.2019040106-18","doi-asserted-by":"crossref","first-page":"91","DOI":"10.1109\/CSAC.2004.19","article-title":"Detecting kernel-level rootkits through binary analysis.","author":"C.Kruegel","year":"2004","journal-title":"20th Annual Computer Security Applications Conference"},{"issue":"3","key":"IJISP.2019040106-19","first-page":"489","article-title":"HB-DIPM: Human behavior analysis-based malware detection and intrusion prevention model in the future internet","volume":"12","author":"J. K.Lee","year":"2016","journal-title":"Journal of Information Processing Systems"},{"key":"IJISP.2019040106-20","doi-asserted-by":"publisher","DOI":"10.1038\/srep42308"},{"issue":"2","key":"IJISP.2019040106-21","doi-asserted-by":"crossref","DOI":"10.1109\/MSP.2007.48","article-title":"Using entropy analysis to find encrypted and packed malware.","volume":"5","author":"R.Lyda","year":"2007","journal-title":"IEEE Security and Privacy"},{"key":"IJISP.2019040106-22","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.21"},{"key":"IJISP.2019040106-23","unstructured":"Net marketshare. (n.d.). Operating system market share. Retrieved from https:\/\/www.netmarketshare.com\/operating-system-market-share.aspx?qprid=10&qpcustomd=0"},{"key":"IJISP.2019040106-24","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-03811-6"},{"key":"IJISP.2019040106-25","unstructured":"NIST. (n.d.). rds_247dp.zip. Retrieved from http:\/\/www.nsrl.nist.gov\/Downloads.htm"},{"key":"IJISP.2019040106-26","unstructured":"NTCore. (n.d.). Explorer suite. Retrieved from http:\/\/www.ntcore.com\/exsuite.php"},{"key":"IJISP.2019040106-27","doi-asserted-by":"publisher","DOI":"10.5815\/ijcnis.2017.02.06"},{"key":"IJISP.2019040106-28","unstructured":"OllyDbg. (n.d.). 
Retrieved from http:\/\/www.ollydbg.de\/"},{"key":"IJISP.2019040106-29","author":"S.Pearce","year":"2003","journal-title":"Viral polymorphism"},{"key":"IJISP.2019040106-30","unstructured":"Realms, S. (n.d.). Armadillo protector. Retrieved from http:\/\/www.woodmann.com\/crackz\/Packers.htm#armadillo"},{"key":"IJISP.2019040106-31","unstructured":"Stolfo, S. J., Wang, K., & Li, W.-J. (2005). Fileprint analysis for malware detection. ACM CCS WORM"},{"key":"IJISP.2019040106-32","author":"P.Szor","year":"2005","journal-title":"The Art of Computer Virus Research and Defense"},{"key":"IJISP.2019040106-33","unstructured":"Willems, C. (2006). CWSandbox: Automatic Behaviour Analysis of Malware. Retrieved from http:\/\/www.cwsandbox.org\/"},{"key":"IJISP.2019040106-34","doi-asserted-by":"publisher","DOI":"10.1145\/1315245.1315261"},{"key":"IJISP.2019040106-35","unstructured":"Zeltser, L. (2007). Malware sample sources for researchers. Retrieved from https:\/\/zeltser.com\/malware-sample-sources\/"}],"container-title":["International Journal of Information Security and Privacy"],"original-title":[],"language":"ng","link":[{"URL":"https:\/\/www.igi-global.com\/viewtitle.aspx?TitleId=226951","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,5,6]],"date-time":"2022-05-06T18:25:11Z","timestamp":1651861511000},"score":1,"resource":{"primary":{"URL":"https:\/\/services.igi-global.com\/resolvedoi\/resolve.aspx?doi=10.4018\/IJISP.2019040106"}},"subtitle":[""],"short-title":[],"issued":{"date-parts":[[2019,4,1]]},"references-count":36,"journal-issue":{"issue":"2","published-print":{"date-parts":[[2019,4]]}},"URL":"https:\/\/doi.org\/10.4018\/ijisp.2019040106","relation":{},"ISSN":["1930-1650","1930-1669"],"issn-type":[{"value":"1930-1650","type":"print"},{"value":"1930-1669","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,4,1]]}}}