Packers are tools used to compress executables to reduce their file size whilst retaining their executable property. Hackers harness packing as one of the numerous tricks to avoid detection. However, there are times when software authors pack their legitimate tools and thus not all packed executables are malware.
UPX is a popular packer. I packed several files with it and analysed them in a hex editor to try to discover patterns. Lo and behold... the tell-tale signs of a UPX packed file is the presence of UPX strings (ie. UPX0, UPX1 and UPX!).
Further investigation demonstrates that searching for UPX strings is not accurate because the UPX packed executables still function even if you change the UPX text. A reliable methodology of detecting packed executables is a tool called PEiD. It identifies UPX packed files by hexadecimal values.
Subscribe to:
Post Comments (Atom)
VMware Workstation Pro is now free for personal use!!!
VMware Workstation Pro is now free for personal use!!! However, it was not straight forward to install on Ubuntu as I encountered error mes...
-
This annoying message popped up after I ran the update in avast! in Ubuntu yesterday. avast! crashes every time I attempt to launch it after...
-
I decided to install a digital certificate for my Gmail account. This is simple and free to set up. Apply for a free certificate from Comod...
No comments:
Post a Comment