From the course: Ethical Hacking: Evading IDS, Firewalls, and Honeypots

Custom packaging of software

- [Instructor] A packer is a tool which creates a malware image using various techniques, such as compression, masking with an XOR, encryption, and other obfuscations. Packers may also include special code to check for sandboxing and, if found, take action to defeat analysis, such as deleting files and terminating. The malware which it has created is then loaded by some form of stub code, which unpacks it in memory. While this protects the malware code, the stub code can be used to fingerprint malware even down to specific malware campaigns. One way to defeat stub code detection is to use a custom packer. This means that a specific attack has its own unique fingerprint and so can't be detected from having found an earlier attack. An example of this is the Andromeda Gamarue Custom Packer described in this analysis by Morphisec. These forms of packers are often a challenge for automated sandbox detectors.
