Author Topic: Win32 EXE packers

Offline MWassef

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1315
Win32 EXE packers
« on: June 27, 2004, 09:24:27 PM »
Forgive my ignorance  :-[ :-\
What are Win32 EXE packers, and how do AV scanners get more efficient by supporting more packers?
MW

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9401
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:Win32 EXE packers
« Reply #1 on: June 27, 2004, 11:39:02 PM »
I replied to your post at Wilders. You might wanna check it out :)
Visit my webpage Angry Sheep Blog

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67241
Re:Win32 EXE packers
« Reply #2 on: June 28, 2004, 03:07:54 AM »
Quote
I replied to your post at Wilders. You might wanna check it out :)

Hey... Don't forget us... We want to know too and do not want to go so far to find where you post in Wilders  ;D
The best things in life are free.

Offline pk

  • Avast team
  • Super Poster
  • *
  • Posts: 2085
Re:Win32 EXE packers
« Reply #3 on: June 28, 2004, 03:16:22 AM »
RejZoR wrote:

Quote
EXE packers are, for example, UPX, ASPack, PECompact, NeoLite, PkLite and so on. They act similarly to SFX archives using ZIP or RAR compression, but they work without any complications or need for external programs to unpack them for execution, plus they are very fast (much faster than ZIP or RAR archives) at self-unpacking.

Supporting more packers means that you can extract and investigate more content of such packers before actual execution of the packed program (the one which is inside). If you don't have support for that packer, the compressed executable must be executed in order to be detected. But doing this isn't always a good idea, since the malicious program can bypass AV software at that state.
If it's detected (unpacked) before execution (usually on create/copy/move actions), this cannot happen.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9401
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:Win32 EXE packers
« Reply #4 on: June 28, 2004, 05:46:35 PM »
Thanks pk, I wanted to copy & paste but you were faster :)
Visit my webpage Angry Sheep Blog

Offline MWassef

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1315
Re:Win32 EXE packers
« Reply #5 on: June 29, 2004, 07:15:50 PM »
Thanks guys  ;D
MW