Unpacking

Removing packing from a file to see its true contents

Files that are encrypted or compressed with a run-time packer need to be unpacked in order to inspect their contents. Unpacking is carried out as part of the process of malware analysis, both in labs during the initial analysis of an item, and by some anti-malware software when it encounters packed files.

Packing is often used as a means of concealing malware from detection, with essentially the same file appearing very different on the surface when repacked in a slightly different manner. Breaking the security of a packer is thus a vital part of analysing malicious code, and is also highly useful for security software when scanning files, as it enables the true contents to be scanned.

Glossary


	Similar entries Emulation Family Generic detection Sandbox(ing) Signature Variant Virtualisation See also Glossary Resources

Quick Links

Poll

The Japanese government is reported to have commissioned a 'defensive virus'. Is 'defensive' malware ever a good idea?
Leave a comment
View 11 comments

Virus Bulletin


	In this month's magazine: Living the meme If Svar is the answer... Static analysis of mobile malware And the devil is six: the security consequences of the switch to IPv6 Behind enemy lines: reporting from the CCC 28C3 Congress Subscribe now!

Virus Bulletin currently has 224,238 registered users.

Fighting malware and spam

Unpacking

See also