![]() ![]() So when you see some packers being used nowadays, it is almost always for malicious purposes. But given the current size of portable media and internet speeds, the need for smaller files is not that urgent anymore. So users wouldn’t have to unpack them manually before they could be executed. This type of compression was invented to make files smaller. Sometimes this technique is also called “executable compression”. Software that unpacks itself in memory when the “packed file” is executed. This usually is short for “runtime packers” which are also known as “self-extracting archives”. So the goal is to hide the payload from the victim and from researchers that get their hands on the file. This is done by adding code that is not strictly malicious, but only intended to hide the malicious code. The payload, which is the actual malware that the threat actor wants to run on the victims’ computers, is protected against reverse engineering and detection (by security software). What they all have in common is their goal But this is the classification that makes sense to me. Bear in mind that no definitions for these categories are set in stone and that they all have overlap and that there are exceptions to the rules. In this article, we will try to explain the terms packer, crypter, and protector in the context of how they are used in malware. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
February 2023
Categories |