
I am trying to understand how custom malware unpacking works. There are packers that are generally used, but sophisticated malware uses its own packer. How do I learn briefly about packers, how they work, and how to unpack them to analyze malware?

Grey
Just like any other compression system: they remove the redundancy from the source data. At runtime, they execute a small loader that reads the compressed code from the file stream, decompresses the code in memory and then executes it. – Stephane Feb 13 '17 at 15:24

1 Answer


Packers are pieces of software that apply different compression techniques. But as far as software protection and malware are concerned, modern packers are also capable of code obfuscation, executing code through virtual environments, detecting if the program is being debugged or run under some sort of sandbox, etc. They are trying to hide the code and make its analysis very complex. There are many packers that are ready to use, but most serious programmers or malware creators make some of their own, so there isn't a standard procedure for unpacking. If you are into reverse engineering and you want to learn manual unpacking, try downloading some well-known packers and start working with them through tutorials available online. Experience is everything in this domain - and a good malware analysis toolbox with offline tools!

Happy hunting!

Chris Tsiakoulas
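As an added illustration (not part of the question, Stephane's comment, or the answer above), the Python below models the two halves of what they describe: a packer stores a compressed copy of the code, which is why a packed section has high byte entropy, and a small stub inflates it in memory at runtime; the analyst's cheapest first check is therefore to scan a file for high-entropy regions before deciding whether to unpack. Everything here is constructed: a 16-byte "opcode" alphabet drawn with a seeded PRNG stands in for real code, zlib stands in for the packer's compressor, and the 7.0 bits/byte threshold and 1 KiB block size are assumptions typical of packing heuristics, not values from the page.

```python
import math
import random
import zlib
from collections import Counter

# Constructed sample data (not taken from any real binary). Sixteen "opcode-like"
# byte values chosen uniformly at random cap the plaintext entropy at log2(16) = 4 bits/byte,
# which is the redundancy a packer's compressor removes.
_ALPHABET = bytes.fromhex("5589e583ec40e8c9c3908b45085dc231")
_rng = random.Random(1337)
PLAIN_CODE = bytes(_ALPHABET[_rng.randrange(16)] for _ in range(16384))
PACKED_CODE = zlib.compress(PLAIN_CODE, 9)   # stand-in for the packer's compressed payload

BLOCK_SIZE = 1024      # assumption: analysis granularity
PACKED_THRESHOLD = 7.0  # assumption: bits/byte above which data looks compressed or encrypted


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant run, up to 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def entropy_profile(data: bytes, block_size: int = BLOCK_SIZE) -> list:
    """Entropy of each fixed-size block; a compressed payload shows up as a run of high values."""
    return [shannon_entropy(data[i:i + block_size]) for i in range(0, len(data), block_size)]


def find_high_entropy_regions(data: bytes, threshold: float = PACKED_THRESHOLD,
                              block_size: int = BLOCK_SIZE) -> list:
    """Return (start, end) byte ranges made of consecutive blocks at or above the threshold."""
    regions, start = [], None
    for idx, h in enumerate(entropy_profile(data, block_size)):
        offset = idx * block_size
        if h >= threshold and start is None:
            start = offset
        elif h < threshold and start is not None:
            regions.append((start, offset))
            start = None
    if start is not None:
        regions.append((start, len(data)))
    return regions


def unpack(packed: bytes) -> bytes:
    """The inflating step of a loader stub: read the compressed image and expand it in memory.
    (The stub would then transfer control to it; an analyst instead dumps this buffer.)"""
    return zlib.decompress(packed)


def build_sample_image() -> bytes:
    """Constructed 'packed file': a zeroed header block, a readable stub block, then the payload.
    Each prefix is exactly one block long so the payload starts at offset 2 * BLOCK_SIZE."""
    header = b"\x00" * BLOCK_SIZE
    stub = b"loader stub: locate payload, inflate into memory, jump to original entry point\n"
    stub = stub.ljust(BLOCK_SIZE, b"\x00")
    return header + stub + PACKED_CODE


if __name__ == "__main__":
    image = build_sample_image()
    print(f"plain  : {len(PLAIN_CODE)} bytes, entropy {shannon_entropy(PLAIN_CODE):.2f} bits/byte")
    print(f"packed : {len(PACKED_CODE)} bytes, entropy {shannon_entropy(PACKED_CODE):.2f} bits/byte")
    for start, end in find_high_entropy_regions(image):
        print(f"high-entropy region {start:#06x}-{end:#06x}: candidate packed payload")
    print("inflated image matches original:", unpack(PACKED_CODE) == PLAIN_CODE)
```

On a real sample the same profile is run per PE section rather than per fixed block, and a section that is high-entropy on disk but whose mapped pages turn into low-entropy, disassemblable code after the stub runs is exactly the moment to dump the process image.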