Malware Analysis – Packers & Unpacking

What Is A Packer?

A packer is a tool used to compress the contents of an executable, such as a malware sample.

Attackers use packers to obfuscate the content of malware, which makes static analysis of its strings difficult.

A packer compresses the executable; when the packed executable runs, it decompresses the original code in memory before executing it. Unpacking reverses this step so that the original, unpacked executable can be analyzed.

Tools We Will Be Using

  • UPX
  • EXEinfo PE
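
As an added example (not from the original post, and not EXEinfo PE's or UPX's own code), the following Python script does a minimal version of what a packer-identification tool does: it parses the PE section table, flags the UPX0/UPX1/UPX2 section names that UPX writes, and computes per-section byte entropy, since compressed data scores close to 8 bits per byte. The PE image it analyzes is constructed inline by `build_sample_pe` and is a header-plus-sections skeleton, not a runnable program.

```python
import math
import struct
KNOWN_PACKER_SECTIONS = {"UPX0", "UPX1", "UPX2"}  # section names UPX writes

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant run, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def pe_sections(image: bytes):
    """Walk the PE section table, yielding (name, raw bytes) per section."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", image, 0x3C)[0]  # e_lfanew
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe + 4  # IMAGE_FILE_HEADER: NumberOfSections at +2, SizeOfOptionalHeader at +16
    table = coff + 20 + struct.unpack_from("<H", image, coff + 16)[0]
    for i in range(struct.unpack_from("<H", image, coff + 2)[0]):
        off = table + i * 40  # each IMAGE_SECTION_HEADER is 40 bytes
        name = image[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", image, off + 16)
        yield name, image[raw_ptr:raw_ptr + raw_size]

def packer_indicators(image: bytes, threshold: float = 7.0):
    """Return [(section, entropy, reasons)] for sections that look packed."""
    findings = []
    for name, data in pe_sections(image):
        ent, reasons = shannon_entropy(data), []
        if name in KNOWN_PACKER_SECTIONS:
            reasons.append("known packer section name")
        if ent >= threshold:  # heuristic: compressed/encrypted data has few repeats
            reasons.append("high entropy")
        if reasons:
            findings.append((name, round(ent, 2), reasons))
    return findings

def build_sample_pe(sections):
    """Constructed minimal PE image (headers + section data only, not runnable)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    ptr, headers, body = 0x58 + 40 * len(sections), b"", b""
    for name, data in sections:
        headers += name.ljust(8, b"\0") + struct.pack("<IIII", len(data), 0x1000, len(data), ptr) + bytes(16)
        body, ptr = body + data, ptr + len(data)
    return dos + b"PE\0\0" + coff + headers + body
```

Entropy is only a heuristic: a UPX0 section is typically empty on disk (it is the in-memory destination of the decompressed code), so it is caught by name rather than by entropy, and legitimate resources such as embedded images also score high.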
