Live Global Events: Secure, Simplify, and Transform Your Business.

Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Security Research

“Say Cheese!” Let’s Take A Picture For You Guys, Packer Families.

February 08, 2013 - 2 min read


Gong Xi Fa Cai!恭喜发财


It’s the last weekend of the Chinese New Year, Year of Snake.  
The Chinese New Year is the most important Chinese holiday. Traditional activities such as taking family photo and making dumplings are must-to-do things to welcome the Chinese New Year. So it’s time for me to take a family photo for all packers.
The large-scale volume of packed advanced malware has created a need to discover inter-family correlations for all packers.The following picture is what I have found about packer families.
Isn't it beautiful! Each cluster in the figure stands for a packer. It is clear that packer families share correlations from each other. Let's go through one by one.
PKLite packer is lonely located on the far left middle side.
Here come Orien and Dwing, the latter is one of the most popular packers, which has 20+ sub-versions.
NSPack share correlations with MaskPE and ExePressor.
PECompact has a large family and it has some relatives, such as PEArmor and ExeCryptor.
The God Father of packers goes to UPX. It sits in the right middle of the big family.
All right, I need to go home and make dumplings NOW, and am too lazy to put all the snapshots here.
If you are interested to find more, just drop me a line.
Again, Happy Chinese New Year!
form submtited
Thank you for reading

Was this post useful?

Explore more Zscaler blogs

A cyber criminal shopping for malware
Agniane Stealer: Dark Web’s Crypto Threat
Read Post
Business people walking through a city
The Impact of the SEC’s New Cybersecurity Policies
Read Post
Digital cloud illuminated in blue
Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)
Read Post
The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region
Read Post
01 / 02
dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.