

Analyzing packed malware

A packed executable is an executable that has been compressed, originally to minimize its file size, but often to complicate the reversing process. Not to be confused with standard compression formats (rar/zip): packed executables are standalone files that can be executed while still compressed. A packer applies standard compression techniques (LZO, LZMA, ...) to the file. The OS of course cannot run the compressed code as it is, so the packer appends an unpacking routine (the stub) to the executable and redirects the entry point to it. When the file is run, the unpacking routine decompresses the original code, loads it into memory in its original state and transfers control to it; the unpacked program therefore exists only in memory, never on disk.

Figure 1: Generic example of packed executable

To analyze malware in general, you must first isolate it in a virtual environment (VMware or VirtualBox) together with the analysis tools, so as not to infect your main machine.

For more details, check out the following links
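The first thing an analyst checks on a suspected packed sample is the section table: packers leave recognisable section names, the compressed payload has near-maximal entropy, the section reserved for the unpacked code is empty on disk but large in memory, and the entry point sits in a writable stub section. The script below is an added example, not code from the original article: a minimal PE section-table parser in pure Python (no pefile dependency) with those four heuristics. The packer section-name list is a small, non-exhaustive selection of well-known names; the PE buffers produced by build_sample_pe() are constructed test data that only contain the header fields the checks read, not real binaries.

```python
"""Packing heuristics over a PE section table (added example, pure Python)."""
import math
import random
import struct

# Section names left behind by well-known packers (small, non-exhaustive list).
PACKER_SECTION_NAMES = {
    "UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".MPRESS1", ".MPRESS2",
    ".themida", ".vmp0", ".vmp1", ".vmp2", ".petite",
}
IMAGE_SCN_MEM_WRITE = 0x80000000
HIGH_ENTROPY = 7.0  # bits per byte; compressed or encrypted data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or single-valued data, 8.0 at most."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(pe: bytes) -> dict:
    """Return the entry-point RVA and the section table of a PE file as stored on disk."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER, 20 bytes
    num_sections, = struct.unpack_from("<H", pe, coff + 2)
    opt_size, = struct.unpack_from("<H", pe, coff + 16)
    opt = coff + 20                           # IMAGE_OPTIONAL_HEADER
    entry_rva, = struct.unpack_from("<I", pe, opt + 16)  # same offset for PE32 and PE32+
    table = opt + opt_size                    # IMAGE_SECTION_HEADER array, 40 bytes each
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, vaddr, rsize, rptr = struct.unpack_from("<IIII", pe, off + 8)
        chars, = struct.unpack_from("<I", pe, off + 36)
        raw = pe[rptr:rptr + rsize] if rsize else b""
        sections.append({"name": name, "vsize": vsize, "vaddr": vaddr, "rsize": rsize,
                         "chars": chars, "entropy": shannon_entropy(raw)})
    return {"entry_rva": entry_rva, "sections": sections}


def packing_indicators(pe: bytes) -> list:
    """Reasons to suspect the file is packed; an empty list means none of the checks fired."""
    info = parse_pe(pe)
    reasons = []
    for s in info["sections"]:
        if s["name"] in PACKER_SECTION_NAMES:
            reasons.append(f"{s['name']}: section name used by a known packer")
        if s["entropy"] > HIGH_ENTROPY:
            reasons.append(f"{s['name']}: entropy {s['entropy']:.2f} (compressed or encrypted data)")
        # Almost nothing on disk but a large virtual size: this is where the stub
        # writes the original code at run time.
        if s["vsize"] >= 0x1000 and s["vsize"] > 4 * max(s["rsize"], 1):
            reasons.append(f"{s['name']}: virtual size 0x{s['vsize']:x} >> raw size 0x{s['rsize']:x}")
        span = max(s["vsize"], s["rsize"])
        if s["vaddr"] <= info["entry_rva"] < s["vaddr"] + span and s["chars"] & IMAGE_SCN_MEM_WRITE:
            reasons.append(f"{s['name']}: entry point in a writable section (unpacking stub)")
    return reasons


def build_sample_pe(packed: bool, seed: int = 1) -> bytes:
    """Constructed test data: a minimal PE32 image with just the fields the checks read.

    packed=True mimics the UPX layout (empty UPX0 for the unpacked code, RWX UPX1
    holding the stub and the compressed payload, entry point inside UPX1).
    """
    e_lfanew, opt_size, raw_ptr = 0x40, 0xE0, 0x200
    rng = random.Random(seed)
    if packed:
        body = bytes(rng.getrandbits(8) for _ in range(0x1000))   # stand-in for compressed payload
        sections = [  # name, vsize, vaddr, rsize, rptr, characteristics
            (b"UPX0", 0x10000, 0x1000, 0, 0, 0xE0000080),
            (b"UPX1", 0x1000, 0x11000, 0x1000, raw_ptr, 0xE0000040),
        ]
        entry_rva = 0x11100
    else:
        body = b"\x90\xc3" * 0x800                                 # low-entropy "code"
        sections = [(b".text", 0x1000, 0x1000, 0x1000, raw_ptr, 0x60000020)]
        entry_rva = 0x1010
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                           # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)
    hdr = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, ch)
                   for n, vs, va, rs, rp, ch in sections)
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdr
    return image + b"\0" * (raw_ptr - len(image)) + body


if __name__ == "__main__":
    for label, sample in (("clean", build_sample_pe(False)), ("packed", build_sample_pe(True))):
        print(label, packing_indicators(sample) or ["no packing indicators"])
```

Run it on a real file with `packing_indicators(open(path, "rb").read())`. Each heuristic alone is weak (installers and .NET assemblies with embedded resources also have high-entropy sections), so treat the result as a prompt to look at the entry point in a debugger, not as a verdict.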
