Forgive my ignorance :-[
What are win32 EXE packers, and how do AV scanners get more efficient by supporting more packers?
I replied to your post at Wilders. You might wanna check it out.
Hey… Don’t forget us… We want to know too and do not want to go so far to find where you post in Wilders ;D
RejZoR wrote:
EXE packers are, for example, UPX, ASPack, PECompact, NeoLite, PkLite and so on. They act similarly to SFX archives using ZIP or RAR compression, but they work without any complications or need for external programs to unpack them for execution, plus they are very fast (much faster than ZIP or RAR archives) at self-unpacking. Supporting more packers means that you can extract and investigate more content of such packers before actual execution of the packed program (the one which is inside). If you don't have support for that packer, the compressed executable must be executed in order to be detected. But doing this isn't always a good idea since the malicious program can bypass AV software at that state.
If it's detected (unpacked) before execution (usually on create/copy/move actions) this cannot happen.
Thanks pk, I wanted to copy&paste but you were faster
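An added example, not part of any post in this thread: the first step a scanner takes before it can unpack a file statically is recognising the packer. This sketch reads the PE section table and reports section names commonly left by UPX and ASPack, plus per-section entropy as a second signal. The function names and the sample image are constructed for illustration.

```python
import math
import struct

# Section names commonly left by two of the packers named in the thread.
PACKER_SECTIONS = {b"UPX0": "UPX", b"UPX1": "UPX", b".aspack": "ASPack"}

def entropy(data):
    """Shannon entropy in bits per byte; compressed data sits close to 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def scan_pe(image):
    """Return (sorted packer names, [(section name, entropy)]) for PE bytes."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off, = struct.unpack_from("<I", image, 0x3C)          # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    n_sections, = struct.unpack_from("<H", image, pe_off + 6)
    opt_size, = struct.unpack_from("<H", image, pe_off + 20)
    table = pe_off + 24 + opt_size                            # first section header
    packers, sections = set(), []
    for i in range(n_sections):
        off = table + 40 * i                                  # 40-byte headers
        name = image[off:off + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", image, off + 16)
        raw = image[raw_ptr:raw_ptr + raw_size]
        sections.append((name.decode("latin-1"), round(entropy(raw), 2)))
        if name in PACKER_SECTIONS:
            packers.add(PACKER_SECTIONS[name])
    return sorted(packers), sections

def build_sample():
    """Constructed header-only image with UPX-style sections (not a program)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    packed = bytes(range(256)) * 2        # stand-in for compressed data
    ptr = 64 + 4 + 20 + 2 * 40            # raw data follows the two headers
    fmt = "<8sIIIIIIHHI"
    s0 = struct.pack(fmt, b"UPX0", 0x1000, 0x1000, 0, 0, 0, 0, 0, 0, 0xE0000080)
    s1 = struct.pack(fmt, b"UPX1", 0x1000, 0x2000, len(packed), ptr, 0, 0, 0, 0, 0xE0000040)
    return dos + b"PE\0\0" + coff + s0 + s1 + packed

if __name__ == "__main__":
    print(scan_pe(build_sample()))
```

Recognising the packer only tells the scanner which unpacking routine to run; the detection described above happens on the extracted content.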
thanx guys ;D