Packer question

Discussion in 'other anti-virus software' started by f3x, Mar 11, 2006.

Thread Status:
Not open for further replies.
  1. f3x

    f3x Registered Member

    Joined:
    Feb 6, 2006
    Posts:
    311
    Location:
    Montreal, Quebec
    Well i'm just curious, what is the point of view of anti-virus industry about exe packers ?

    For no particular reason, i started to collection exe packer and there is almost alwais a false positive among the group. I've seen many software having to explain themself with antivirus software because they used the same packer (and thus the same unpacking code) than know virus. Heuristic engine would pick them up as unknow variant of (xxxx). I have not found any official number on this, but i widely guess that packers account for 1/4 to 1/3 of all false positive? Is this number accurate ?


    Also how can an antivirus choose wich part of the executable should be part of a signature. And how can they make sure those part are not common one found in other software ?

    I was just beung curious. Thanks in advance for any answear.
     
  2. Happy Bytes

    Happy Bytes Guest

    - By reverse engineering (disassembling) or
    - With the help of enough beer and dices - the total number of the eyes after the 3rd throw is the relative offset from the entrypoint

    Method 1 is recommendable
     
Loading...
Thread Status:
Not open for further replies.