Zscaler to Expand Zero Trust Exchange Platform's AI Cloud with Data Fabric Purpose-built for Security

Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Subscribe
Security Research

“Say Cheese!” Let’s Take A Picture For You Guys, Packer Families.

image
THREATLABZ
February 08, 2013 - 2 min read

 

Gong Xi Fa Cai!恭喜发财

 

It’s the last weekend of the Chinese New Year, Year of Snake.  
 
 Figure
 from http://www.divinecaroline.com
 
The Chinese New Year is the most important Chinese holiday. Traditional activities such as taking family photo and making dumplings are must-to-do things to welcome the Chinese New Year. So it’s time for me to take a family photo for all packers.
 
The large-scale volume of packed advanced malware has created a need to discover inter-family correlations for all packers.The following picture is what I have found about packer families.
 
Figure
 
Isn't it beautiful! Each cluster in the figure stands for a packer. It is clear that packer families share correlations from each other. Let's go through one by one.
 
Figure  
PKLite packer is lonely located on the far left middle side.
 
Figure  
Here come Orien and Dwing, the latter is one of the most popular packers, which has 20+ sub-versions.
 
Figure  
 
NSPack share correlations with MaskPE and ExePressor.
Figure  
 
PECompact has a large family and it has some relatives, such as PEArmor and ExeCryptor.
Figure
The God Father of packers goes to UPX. It sits in the right middle of the big family.
 
All right, I need to go home and make dumplings NOW, and am too lazy to put all the snapshots here.
If you are interested to find more, just drop me a line.
 
Again, Happy Chinese New Year!
 
form submtited
Thank you for reading

Was this post useful?

dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.