Best unpacking AV???

Discussion in 'other anti-virus software' started by Alite, Jul 2, 2005.

Thread Status:
Not open for further replies.
  1. Tweakie

    Tweakie Registered Member

    Joined:
    Feb 28, 2004
    Posts:
    90
    Location:
    E.U.
    This does not necessarily mean that the unpacking engine does not work correctly! This could mean that they decide to sign the packed sample instead of signing the unpacked one. This could also mean that they do not pick their signatures correctly for the unpacked samples (two samples unpacked by two different persons/engines can be slightly different).

    Of course, this could also mean that their engine cannot emulate through the packer's stub or does not correctly locate the OEP and keeps emulating afterwards.

    But I think that the good way of testing the unpacking capabilities is to test if a sample that is originally found unpacked "in the wild" (and detected by the scanner) is still detected after you pack it. Not the opposite.

    I assume that BitDefender does not dump the unpacked samples to the disk? Otherwise, we could check...
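
Added example, not part of Tweakie's post or the thread: a toy model of the test described above (take a sample that is detected unpacked, pack it, rescan) and of why the opposite test is ambiguous. The packer, the scanner, the payload bytes and all function names are hypothetical and constructed for illustration; zlib stands in for a real packer.

```python
import zlib

# Constructed, harmless stand-in for a sample; contains no real malware bytes.
PAYLOAD = b"HDR0" + b"constructed-harmless-test-body-" * 4 + b"END"
MAGIC = b"TOYPACK1"  # hypothetical header written by the toy packer

def pack(data):
    """Toy packer: header plus zlib-compressed body (stand-in for a real packer)."""
    return MAGIC + zlib.compress(data)

def unpack(data):
    """Toy unpacking engine: original bytes, or None if it cannot unpack."""
    if not data.startswith(MAGIC):
        return None
    try:
        return zlib.decompress(data[len(MAGIC):])
    except zlib.error:
        return None

def scan(data, signatures, can_unpack):
    """Substring signature scan over the file and, if possible, its unpacked image."""
    views = [data]
    inner = unpack(data) if can_unpack else None
    if inner is not None:
        views.append(inner)
    return any(sig in view for view in views for sig in signatures)

def pack_then_scan_test(sample, signatures, can_unpack):
    """The test from the post: a sample detected unpacked is packed and rescanned."""
    if not scan(sample, signatures, can_unpack):
        return "inconclusive: sample not detected unpacked"
    if scan(pack(sample), signatures, can_unpack):
        return "still detected: unpacking works"
    return "lost after packing: unpacking missing or failing"

def reverse_test_is_ambiguous():
    """Signature taken on the packed file: the manually unpacked sample is missed
    even though the engine's unpacker works, so a miss proves nothing."""
    packed_sig = [pack(PAYLOAD)[:24]]
    return scan(pack(PAYLOAD), packed_sig, True) and not scan(PAYLOAD, packed_sig, True)

if __name__ == "__main__":
    sig = [PAYLOAD[4:28]]  # signature chosen from the unpacked bytes
    print(pack_then_scan_test(PAYLOAD, sig, can_unpack=True))
    print(pack_then_scan_test(PAYLOAD, sig, can_unpack=False))
    print("reverse test ambiguous:", reverse_test_is_ambiguous())
```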
     
  2. thank you :)

    thank you :) Guest

    thank you all :)
     
  3. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493
    Finally....a thread with some meat in it. Informative for me....thanks for the insights from all that commented.


    Starrob
     
  4. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493
    I just wanted to ask a question. Considering all the problems with unpacking, does anyone believe that the AVs can continue to detect viruses/trojans using signatures or will they eventually have to migrate to mostly behavior blocking methods?



    Starrob
     