Unpacking

Removing packing from a file to see its true contents

Files that are encrypted or compressed with a run-time packer need to be unpacked in order to inspect their contents. Unpacking is carried out as part of the process of malware analysis, both in labs during the initial analysis of an item, and by some anti-malware software when it encounters packed files.

Packing is often used as a means of concealing malware from detection, with essentially the same file appearing very different on the surface when repacked in a slightly different manner. Breaking the security of a packer is thus a vital part of analysing malicious code, and is also highly useful for security software when scanning files, as it enables the true contents to be scanned.
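The following is an added example, not part of the original glossary entry or of any real packer or scanner. It models the situation the entry describes: a toy run-time packer (compression followed by a fixed-key XOR, with a hypothetical header so the format can be recognised) hides a constructed signature string from a naive byte-pattern scan, a static unpacker restores the contents so the same scan succeeds, and a per-byte entropy measure shows why packed regions stand out. The packer format, the `TOYPK1` header, the XOR key and the marker string are all constructed for the example.

```python
import math
import zlib
from typing import Optional

# Constructed marker standing in for a detection signature; not a real indicator.
SIGNATURE = b"CONSTRUCTED-MALWARE-MARKER-v1"

# Constructed stand-in for a program image (hypothetical bytes, not a real binary).
SAMPLE = (
    b"MZ" + b"\x00" * 62
    + b"This constructed sample stands in for a program image. " * 4
    + SIGNATURE
    + b"\x00" * 64
)

TOY_MAGIC = b"TOYPK1"  # hypothetical packer header, analogous to a known packer stub
TOY_KEY = 0x5A         # hypothetical fixed XOR key used by the toy packer


def toy_pack(data: bytes) -> bytes:
    """Toy run-time-packer model: compress, then XOR every byte with a fixed key."""
    body = bytes(b ^ TOY_KEY for b in zlib.compress(data, 9))
    return TOY_MAGIC + len(data).to_bytes(4, "big") + body


def identify_packer(data: bytes) -> Optional[str]:
    """Recognise the toy packer by its header, as scanners recognise known packer stubs."""
    return "toy-xor-zlib" if data.startswith(TOY_MAGIC) else None


def toy_unpack(data: bytes) -> bytes:
    """Static unpacker: reverse the XOR, decompress, and verify the declared length."""
    if identify_packer(data) is None:
        raise ValueError("not packed with the toy packer")
    declared = int.from_bytes(data[6:10], "big")
    plain = zlib.decompress(bytes(b ^ TOY_KEY for b in data[10:]))
    if len(plain) != declared:
        raise ValueError("length mismatch: corrupt or tampered package")
    return plain


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: packed or encrypted regions approach 8, plain code and text sit well below."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def contains_signature(data: bytes) -> bool:
    """Naive byte-pattern scan, the kind of check that packing defeats."""
    return SIGNATURE in data


def scan(data: bytes) -> dict:
    """Scan a file; if a known packer is recognised, unpack first and scan the true contents."""
    packer = identify_packer(data)
    target = toy_unpack(data) if packer else data
    return {
        "packer": packer,
        "entropy": round(shannon_entropy(data), 2),
        "signature_raw": contains_signature(data),
        "signature_after_unpack": contains_signature(target),
    }


if __name__ == "__main__":
    packed = toy_pack(SAMPLE)
    print("plain :", scan(SAMPLE))
    print("packed:", scan(packed))
```

Running the block shows the raw scan of the packed file missing the marker while the post-unpack scan finds it, and a markedly higher entropy for the packed file. Real scanners follow the same shape: identify the packer from its stub, apply the matching unpacker (or emulate the stub until the original entry point is reached), then scan the recovered image.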
