Malware authors use many tricks to try to get past antivirus solutions. They can obfuscate strings or sign the malware as if it were some other software. One of the more effective tricks is to use a packer to compress the malware, making it harder for antivirus software to detect it. As a malware analyst you should know what packing is and how to unpack an executable. This article will talk about some of the basic packers and a neat trick that works to unpack most of them.

A packer is software that compresses your executable files, just like how zip files work. Normally with a zip file you have to unzip the file manually in order for it to be usable. With something called a “runtime packer”, however, a portion of the code in the executable is left uncompressed. When you run the executable, that uncompressed portion runs first: it unpacks the rest of the code and then runs it.
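To make the runtime-packer idea concrete, here is an added example (not code from this article or from any real packer): a toy packer that mimics the layout just described, a small uncompressed header standing in for the stub followed by a compressed body, together with the byte-entropy heuristic analysts use to spot packed files. The container format (the "RPK1" tag and length field), the sample "program" bytes and the 7.0 bits/byte threshold are all constructed for this illustration.

```python
"""Toy model of a runtime packer plus an entropy heuristic for spotting packed files.

Added illustration, not code from the article. The container format (a four-byte
"RPK1" tag standing in for the uncompressed stub, a length field, then a zlib
stream) and the sample program bytes are invented here for demonstration only.
"""
import math
import random
import struct
import zlib
from collections import Counter

STUB_MAGIC = b"RPK1"            # stands in for the small uncompressed stub
HEADER = struct.Struct("<4sI")  # magic tag + original length, little endian


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant buffer, 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def pack(payload: bytes) -> bytes:
    """Mimic a runtime packer: a clear header (the 'stub') followed by the compressed body."""
    body = zlib.compress(payload, level=9)
    return HEADER.pack(STUB_MAGIC, len(payload)) + body


def unpack(blob: bytes) -> bytes:
    """What the stub does at run time: read its own header, then inflate the body."""
    magic, size = HEADER.unpack_from(blob)
    if magic != STUB_MAGIC:
        raise ValueError("not a packed blob")
    payload = zlib.decompress(blob[HEADER.size:])
    if len(payload) != size:
        raise ValueError("length mismatch: truncated or tampered body")
    return payload


def looks_packed(blob: bytes, threshold: float = 7.0) -> bool:
    """Heuristic: compressed (or encrypted) regions have a near-uniform byte histogram.

    The threshold is an assumption for this toy; real tools apply a similar idea
    per PE section rather than to the whole file.
    """
    body = blob[HEADER.size:] if blob.startswith(STUB_MAGIC) else blob
    return shannon_entropy(body) >= threshold


def build_sample_program(seed: int = 7, tokens: int = 3000) -> bytes:
    """Constructed stand-in for an unpacked binary: repetitive code-like bytes plus strings."""
    rng = random.Random(seed)
    ops = [b"\x55\x8b\xec", b"\x33\xc0", b"\xc3", b"\x90\x90", b"\xe8\x00\x00\x00\x00"]
    strings = [b"kernel32.dll", b"GetProcAddress", b"Error: ", b"C:\\Temp\\", b"config.ini"]
    return b"".join(rng.choice(ops + strings) for _ in range(tokens))


def demo() -> dict:
    """Pack the sample program and report what an analyst would measure."""
    program = build_sample_program()
    packed = pack(program)
    return {
        "original_size": len(program),
        "packed_size": len(packed),
        "original_entropy": round(shannon_entropy(program), 2),
        "packed_entropy": round(shannon_entropy(packed), 2),
        "original_flagged": looks_packed(program),
        "packed_flagged": looks_packed(packed),
        "round_trip_ok": unpack(packed) == program,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:>18}: {value}")
```

The round trip through `unpack` is the whole job of a real stub: locate the compressed body, inflate it and hand control to it. The entropy numbers show why packing helps evade naive signature scanning and, at the same time, why a near-8.0 bits/byte region is itself a strong hint to an analyst that a sample is packed.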