Antivirus software vendors attempt to identify threats by unpacking suspicious samples, and hence aim to produce as many unpackers as possible. When characteristic portions of a successfully unpacked sample are identified, the sample can be tagged and detection added. This procedure is commonly used for variants of well-known malware families and does not require analysis of the Windows API calls made by the sample. In contrast, in-depth analysis of packed threats requires knowledge of the API functions called during execution. When a sample cannot be unpacked, memory dumps may be used to provide insight into its behavior.
- Format: PDF
- Size: 1328.2 KB