Unpacking

Removing packing from a file to see its true contents

Files that are encrypted or compressed with a run-time packer need to be unpacked in order to inspect their contents. Unpacking is carried out as part of the process of malware analysis, both in labs during the initial analysis of an item, and by some anti-malware software when it encounters packed files.

Packing is often used as a means of concealing malware from detection, with essentially the same file appearing very different on the surface when repacked in a slightly different manner. Breaking the security of a packer is thus a vital part of analysing malicious code, and is also highly useful for security software when scanning files, as it enables the true contents to be scanned.
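The effect described above, as an added example that is not part of the original glossary entry: a toy data "packer" (zlib plus a one-byte XOR behind a hypothetical `TPK1` header) stands in for a real run-time packer, and `SIGNATURE`, `PAYLOAD` and all function names are constructed for illustration. It shows two repacked variants that differ on the surface and evade a raw signature scan yet match once unpacked, and goes slightly beyond the text by peeling nested layers up to a fixed bound.

```python
import hashlib
import zlib

MAGIC = b"TPK1"                         # hypothetical toy packer header
SIGNATURE = b"CONSTRUCTED-TEST-MARKER"  # constructed, harmless scan signature
PAYLOAD = b"constructed sample body: " + SIGNATURE + b" :end" * 8
MAX_LAYERS = 8                          # bound on nested unpacking


def pack(data: bytes, key: int, level: int = 6) -> bytes:
    """Toy packer: zlib-compress, XOR every byte with key, prepend header."""
    body = bytes(b ^ key for b in zlib.compress(data, level))
    return MAGIC + bytes([key]) + body


def unpack(blob: bytes) -> bytes:
    """Reverse one toy packing layer; raises ValueError if blob is not valid."""
    if len(blob) < 5 or not blob.startswith(MAGIC):
        raise ValueError("not a toy-packed blob")
    key = blob[4]
    try:
        return zlib.decompress(bytes(b ^ key for b in blob[5:]))
    except zlib.error as exc:
        raise ValueError("corrupt packed body") from exc


def scan_raw(blob: bytes) -> bool:
    """Signature scan over the bytes exactly as they sit on disk."""
    return SIGNATURE in blob


def scan_unpacked(blob: bytes) -> bool:
    """Peel packing layers (bounded), scanning the content at every layer."""
    for _ in range(MAX_LAYERS):
        if scan_raw(blob):
            return True
        try:
            blob = unpack(blob)
        except ValueError:
            return False   # nothing more to peel, signature never seen
    return scan_raw(blob)


if __name__ == "__main__":
    for name, blob in [("variant A", pack(PAYLOAD, 0x5A)),
                       ("variant B", pack(PAYLOAD, 0xC3, 9)),
                       ("double-packed", pack(pack(PAYLOAD, 0x11), 0x77))]:
        print(name, hashlib.sha256(blob).hexdigest()[:16],
              "raw:", scan_raw(blob), "unpacked:", scan_unpacked(blob))
```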

