
Packer / packing

Definition

A technique in which the original malware code is compressed or encrypted and wrapped in a stub loader that decompresses or decrypts it at runtime. Packed binaries frustrate static analysis because the real payload is not visible in the file bytes; only the stub is available to the disassembler until the sample is executed or the packer is reversed.
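The following is an added illustration, not code from this glossary or from any real packer: a toy packer that encrypts a constructed payload behind a cleartext stub, alongside the two triage checks an analyst runs on a suspect file, Shannon entropy and visible strings. The stub marker, key, payload bytes, beacon URL and API names are all constructed for the demo.

```python
import hashlib
import math
import re
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted or compressed data, far lower for code and text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def visible_strings(data: bytes, min_len: int = 6) -> list[str]:
    """Printable-ASCII runs, i.e. what the `strings` utility would report."""
    return [m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def _keystream(key: bytes, length: int) -> bytes:
    """SHA-256 in counter mode; a stand-in for whatever cipher a real packer uses."""
    out = b""
    for counter in range((length + 31) // 32):
        out += hashlib.sha256(key + counter.to_bytes(4, "little")).digest()
    return out[:length]

STUB = b"STUB:decrypt-then-jump\x00"   # constructed stand-in for the loader stub
KEY = b"constructed-demo-key"          # constructed; a real stub carries its own key material

def pack(payload: bytes) -> bytes:
    """Toy packer: cleartext stub followed by the XOR-encrypted payload."""
    body = bytes(p ^ k for p, k in zip(payload, _keystream(KEY, len(payload))))
    return STUB + body

def unpack(packed: bytes) -> bytes:
    """What the stub does at runtime: discard itself and recover the original payload."""
    body = packed[len(STUB):]
    return bytes(c ^ k for c, k in zip(body, _keystream(KEY, len(body))))

def looks_packed(data: bytes, threshold: float = 7.0) -> bool:
    """Entropy heuristic for triage: a high score means 'look closer', not 'malicious'."""
    return shannon_entropy(data) > threshold

# Constructed sample payload: repetitive code-like bytes plus the strings an analyst wants to see.
PAYLOAD = (b"\x55\x8b\xec\x83\xec\x10\x5d\xc3" * 150
           + b"http://example.invalid/beacon\x00"
           + b"CreateRemoteThread\x00WriteProcessMemory\x00")
PACKED = pack(PAYLOAD)

if __name__ == "__main__":
    for name, blob in (("original", PAYLOAD), ("packed", PACKED)):
        print(f"{name}: entropy={shannon_entropy(blob):.2f} "
              f"packed?={looks_packed(blob)} strings={visible_strings(blob)[:3]}")
```

Run as-is the script shows the beacon URL and API names in the original bytes but only the stub marker in the packed file, which is exactly the blind spot the definition describes; the payload reappears only after `unpack`, the step a dynamic run or a manual unpacker performs.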

Related terms

Cryptographic hash
A fixed-length digest produced from a file's bytes by an algorithm such as MD5 (128-bit), SHA-1 (160-bit), or SHA-256 (256-bit). Identical files...
Disassembly
The process of converting raw binary machine code back into human-readable assembly language instructions. Disassembly is always achievable from a binary, unlike...
Import Address Table (IAT)
A section of the PE header that lists every external DLL and the functions the executable calls from each. A malware sample's...
Indicator of Compromise (IoC)
An observable artefact that suggests a system has been involved in a malicious event. Static analysis produces file-based IoCs: cryptographic hashes, embedded...
Portable Executable (PE)
The binary file format used by Windows executables (.exe), dynamic-link libraries (.dll), and drivers (.sys). The PE header contains a structured metadata...

Explained in

  • Static Malware Analysis: A technique in which the original malware code is compressed or encrypted and wrapped in a stub loader that decompresses or decrypts it at runtime. Packed bina...
