The Community for Technology Leaders
RSS Icon
Issue No.05 - September/October (2008 vol.6)
pp: 65-69
Wei Yan , Trend Micro
Zheng Zhang , McAfee
Nirwan Ansari , New Jersey Institute of Technology
In concert with the ever-growing network applications, a significant increase in the spread of malware over the Internet has been observed. In cases where malware are the zero-day threats, generating their signatures for detection via anti-virus (AV) scan engines becomes an important reactive security function. However, modern malware can easily bypass AV scanners using packers, which can hide malicious file contents from detection. This article describes how packers work, and the three most commonly used unpacking methods. The authors describe the logic flow and behavior of Upack, a popular packer, as an example of a software packer.
malware, packer, anti-virus, basic training
Wei Yan, Zheng Zhang, Nirwan Ansari, "Revealing Packed Malware", IEEE Security & Privacy, vol.6, no. 5, pp. 65-69, September/October 2008, doi:10.1109/MSP.2008.126
1. T. Brosch and M. Morgenstern, "Runtime Packers: The Hidden Problem?" keynotes from Black Hat USA 2006 Briefings and Training, BH-US-06-Morgenstern.pdf.
2. G. Szappanos, "Exepacker Blacklisting: Theory and Experiences," Proc. 2nd Int'l Computer AntiVirus Researchers Organization Workshop, (CARO), 2008; .
3. M. Pietrek, "Peering Inside the PE: A Tour of the Win32 Portable Executable File Format," Microsoft Systems J., Mar. 1994, pp. 15–34.
4. T. Graf, "Generic Unpacking—How to Handle Modified or Unknown PE Compression Engines," Proc. 2005 Virus Bulletin Conf., Virus Bulletin, 2005.
45 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool