PolyPack: An Automated Online Packing Service for Optimal Antivirus Evasion

Executive Summary

Packers have long been a valuable tool in the toolbox of offensive users for evading the detection capabilities of signature-based antivirus engines. However, selecting the packer that results in the most effective evasion of antivirus engines may not be a trivial task, due to diversity in the capabilities of both antivirus engines and packers. In this paper, the authors propose the creation of an online automated service, called PolyPack, that uses an array of packers and antivirus engines as a feedback mechanism to select the packer that will result in the optimal evasion of the antivirus engines. To understand the utility and efficacy of such a service, they construct an implementation of PolyPack which employs 10 packers and 10 popular antivirus engines.

  • Format: PDF
  • Size: 171.45 KB