Bentley, Peter ORCID: https://orcid.org/0000-0002-6438-0028
(2026)
Analysis of the Contents of Windows’ Portable Executables Import Tables to Look for Malware and Zero-day Opportunities.
Discussion Paper.
University of Gloucestershire, University of Gloucestershire.
(Unpublished)
Text: 15723 Bentley, P (2026) Analysis of the Contents of Windows’ Portable Executables Import Tables to Look for Malware and Zero-day Opportunities.pdf - Accepted Version (500kB). Available under License All Rights Reserved.
Abstract
Advanced Persistent Threats place some of their malware in the Windows file system, and they also use zero-day exploits. In this paper, a modified C++ program parses 32-bit binaries within the Windows file system, extracting their Import Table constituents for analysis. The analysis demonstrates that undocumented Microsoft routines are used and that some executables have Software Development Life Cycle issues which may be used for zero-day exploitation. Much of the supporting work is done using available software, i.e. Living Off The Land.
| Item Type: | Monograph (Discussion Paper) |
|---|---|
| Uncontrolled Keywords: | Microsoft Windows; Portable Executable; Advanced Persistent Threat; APT; Windows; Master File Table; MFT; Malware; Zero-day; Living Off The Land. |
| Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science; Q Science > QA Mathematics > QA76 Computer software > QA76.76 Computer software topics A-Z |
| Divisions: | Schools and Research Institutes > School of Business, Computing and Social Sciences |
| Depositing User: | Peter Bentley |
| Date Deposited: | 07 Jan 2026 12:15 |
| Last Modified: | 07 Jan 2026 12:23 |
| URI: | https://eprints.glos.ac.uk/id/eprint/15723 |