Understanding Packers, Crypters And Protectors: FUD Malwares by BarrSly: 5:14pm On Jan 03
In this post we shall attempt to define the terms packer, crypter, and protector in the context of how malware uses them. Keep in mind that there are exceptions to these principles, that all of the categories overlap, and that no definition of them is absolute. But I think this categorisation makes the most sense.
"Packer" is a common abbreviation for "runtime packer," also referred to as a "self-extracting archive." When the packed file is executed, the software unpacks itself in memory. This method is also known as "executable compression." Compression of this kind was originally developed to make files smaller so that users would not have to unpack them manually before they could be used. However, given the capacity of portable media and the internet speeds available today, the demand for smaller files is no longer as pressing. Therefore, when you see certain packers being used today, it is virtually always with bad intentions: essentially to make the program more challenging to reverse engineer, with the added advantage of leaving a smaller footprint on the infected machine.
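From the defender's side, the in-memory unpacking described above leaves a measurable trace in the file on disk: the compressed or encrypted payload that the stub later unpacks has byte entropy close to the 8-bit maximum and barely compresses any further. The following is an added example written for this page, not the author's code, showing that heuristic applied to the sections of two constructed binaries. The 7.2 bits-per-byte threshold, the 0.9 compression-ratio cut-off, the section names and the sample byte strings are all assumptions made for the illustration.

```python
import math
import random
import zlib
from collections import Counter
from typing import Dict

# Assumed heuristic cut-offs; tune against a corpus of known-good binaries.
PACKED_ENTROPY_THRESHOLD = 7.2   # bits per byte; 8.0 is the theoretical maximum
POOR_COMPRESSION_RATIO = 0.9     # compressed/original size; ~1.0 means "already compressed"


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty or constant input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def compression_ratio(data: bytes) -> float:
    """Size of the zlib-compressed data relative to the original (1.0+ means incompressible)."""
    if not data:
        return 0.0
    return len(zlib.compress(data, 9)) / len(data)


def classify_sections(sections: Dict[str, bytes]) -> Dict[str, dict]:
    """Per-section entropy and compressibility, flagging those that look packed or encrypted.

    A section is suspicious only when BOTH signals agree: high entropy alone also fires on
    legitimate compressed resources, and poor compressibility alone fires on tiny sections.
    """
    report = {}
    for name, data in sections.items():
        entropy = shannon_entropy(data)
        ratio = compression_ratio(data)
        report[name] = {
            "size": len(data),
            "entropy": round(entropy, 3),
            "compression_ratio": round(ratio, 3),
            "suspicious": entropy >= PACKED_ENTROPY_THRESHOLD and ratio >= POOR_COMPRESSION_RATIO,
        }
    return report


def looks_packed(sections: Dict[str, bytes]) -> bool:
    """Overall verdict: any section carrying what looks like a compressed/encrypted payload."""
    return any(info["suspicious"] for info in classify_sections(sections).values())


def build_samples() -> Dict[str, Dict[str, bytes]]:
    """Constructed sample 'binaries' (not real files): an ordinary one and a packed-looking one."""
    rng = random.Random(2023)  # fixed seed so the example is reproducible
    # Ordinary code and data have low entropy and compress well.
    plain_code = b"mov eax, [ebp+8]\npush eax\ncall 0x401000\n" * 64
    plain_data = b"\x00" * 512 + b"Hello, World!\x00"
    # A compressed or encrypted payload is statistically indistinguishable from random bytes.
    payload_like = bytes(rng.getrandbits(8) for _ in range(4096))
    return {
        "unpacked_binary": {".text": plain_code, ".data": plain_data},
        "packed_binary": {".text": plain_code[:256], ".data": payload_like},
    }


if __name__ == "__main__":
    for label, sections in build_samples().items():
        print(f"{label}: packed={looks_packed(sections)}")
        for name, info in classify_sections(sections).items():
            print(f"  {name:6s} {info}")
```

The small `.text` stub in the packed sample stays below the threshold while its `.data` section trips both signals; that pairing (a short, readable stub beside a large incompressible blob) is the pattern worth surfacing for deeper analysis, rather than entropy on its own.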
In this sense, a protector is software designed to stop program tampering and reverse engineering. It may use both packing and encryption, and typically does; that combination, plus a few extra functions, is what is commonly referred to as a protector. Because of the protective layers surrounding the payload, reverse engineering will be challenging.
Code virtualization is an entirely distinct strategy that also falls under the category of protectors: each time you use it to protect your program, it employs a unique, separate virtual instruction set. Professional versions of these protectors are used in the gaming industry to combat piracy. The method, however, has also been adopted by malware, most notably ransomware. It enables ransomware that can carry the encryption key without a C&C server: because the protection is so effective, the encryption key can be hardcoded into the ransomware. Locky Bart is one example of a project that leverages open-source code virtualization.
This article has distinguished between each of these tools to avoid confusion regarding their capabilities and functions, and to help researchers understand that although a piece of software may seem legitimate, it may actually be encrypted and call for deeper investigation.