Packer question

Discussion in 'other anti-virus software' started by f3x, Mar 11, 2006.

Thread Status:
Not open for further replies.
  1. f3x

    f3x Registered Member

    Feb 6, 2006
    Montreal, Quebec
    Well i'm just curious, what is the point of view of anti-virus industry about exe packers ?

    For no particular reason, i started to collection exe packer and there is almost alwais a false positive among the group. I've seen many software having to explain themself with antivirus software because they used the same packer (and thus the same unpacking code) than know virus. Heuristic engine would pick them up as unknow variant of (xxxx). I have not found any official number on this, but i widely guess that packers account for 1/4 to 1/3 of all false positive? Is this number accurate ?

    Also how can an antivirus choose wich part of the executable should be part of a signature. And how can they make sure those part are not common one found in other software ?

    I was just beung curious. Thanks in advance for any answear.
  2. Happy Bytes

    Happy Bytes Guest

    - By reverse engineering (disassembling) or
    - With the help of enough beer and dices - the total number of the eyes after the 3rd throw is the relative offset from the entrypoint

    Method 1 is recommendable
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.