Packers are used to compress a file.

While this may be done for legitimate reasons – to save disk space or reduce data transmission time – packers are also used by cybercriminals as a form of code obfuscation.

The packing forms an extra layer of code that’s wrapped around a piece of malware to conceal it.

This is done to make it harder for anti-malware researchers to reverse engineer the code, or to hinder analysis of the code using heuristics.

Cybercriminals may pack their code multiple times, in an effort to make it even harder for anti-malware programs to detect the malware, or they may pack the code using different packers, thus creating successive new variants of the same malware.

Unless an anti-malware scanner understands the method used to pack the malware, it can’t ‘see through’ the packing to the malware within it.
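The following added example (not part of the original post) shows the three points above in running code: a naive signature scan stops matching once a sample is packed, packing the same sample more than once adds another layer, and a scanner only finds the original content again when it understands the packing method. It uses plain zlib compression as a stand-in for a packer (an assumption for illustration; a real packer also bundles a decompression stub), a constructed marker string as the "signature", and Shannon entropy as a common triage heuristic for spotting packed or encrypted bodies.

```python
import math
import random
import zlib

# Stand-in "packer": zlib compression. A real packer also prepends a stub that
# unpacks the body at load time; here unpacking is done explicitly instead.
PACK_LAYERS = 2          # the text notes that samples may be packed more than once
ENTROPY_THRESHOLD = 7.0  # bits per byte; 8.0 is the maximum for byte data

# Constructed byte sequence standing in for a known malware signature.
MARKER = b"CONSTRUCTED_SAMPLE_MARKER"


def build_sample_payload(seed: int = 1, size: int = 8000) -> bytes:
    """Constructed, deterministic stand-in for an unpacked binary: the marker
    followed by pseudo-random lowercase text, which has fairly low entropy."""
    rng = random.Random(seed)
    alphabet = b"abcdefghijklmnopqrstuvwxyz "
    body = bytes(rng.choice(alphabet) for _ in range(size))
    return MARKER + body


def pack(data: bytes, layers: int = 1) -> bytes:
    """Apply the stand-in packer `layers` times (nested packing)."""
    for _ in range(layers):
        data = zlib.compress(data, 9)
    return data


def unpack(data: bytes, layers: int = 1) -> bytes:
    """Reverse `layers` packing layers: what a scanner that understands
    the packing method can do, and a naive one cannot."""
    for _ in range(layers):
        data = zlib.decompress(data)
    return data


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for constant data, 8.0 for
    uniformly distributed bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def is_likely_packed(data: bytes, threshold: float = ENTROPY_THRESHOLD) -> bool:
    """Triage heuristic: compressed or encrypted bodies push entropy toward 8."""
    return shannon_entropy(data) >= threshold


def signature_scan(data: bytes, signature: bytes = MARKER) -> bool:
    """Naive static scanner: looks for a known byte sequence in the raw file."""
    return signature in data


def triage(sample: bytes, known_layers: int) -> dict:
    """Combine the checks: raw signature hit, entropy verdict, and the result
    of scanning again after unpacking with a method the scanner knows."""
    result = {
        "entropy": round(shannon_entropy(sample), 2),
        "likely_packed": is_likely_packed(sample),
        "signature_hit_raw": signature_scan(sample),
        "signature_hit_after_unpack": False,
    }
    if result["likely_packed"]:
        try:
            result["signature_hit_after_unpack"] = signature_scan(
                unpack(sample, known_layers))
        except zlib.error:
            # Packed with a method (or layer count) this scanner does not know.
            pass
    return result


if __name__ == "__main__":
    payload = build_sample_payload()
    packed = pack(payload, PACK_LAYERS)
    print("unpacked sample:", triage(payload, 0))
    print("packed sample:  ", triage(packed, PACK_LAYERS))
```

Running it shows the unpacked sample with entropy around 4.7 and a direct signature hit, while the packed sample sits near 8 bits per byte, yields no signature hit on the raw bytes, and only matches again after both zlib layers are removed. High entropy is a triage signal rather than a verdict: legitimate installers, compressed resources and encrypted blobs trip the same threshold, so a practitioner combines it with other indicators (packer-specific section names, import tables that are suspiciously small, or simply unpacking in a sandbox) before drawing conclusions.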
