The battle between cybersecurity and malicious files is ever-changing, as the goalposts are always being moved. Whenever analysts figure out a way to reverse-engineer a particular type of malware, hackers undermine their efforts with more complex encryption and new obfuscation techniques. This means that your computer and data security measures should be up to date in order to ensure the safety of your hardware, software and information.
That said, there are some common obfuscation techniques that have changed very little over time. One of the most common methods used by hackers is the packed executable file. But what exactly are packed executables? And what purpose do they serve? We will answer both of these questions and more. First, though, let’s define the term “executable file.”
What is an executable file?
Generally, an executable file can be easily distinguished from a data file. A data file stores information (or data) on a computer. You can open a data file and read or modify the data. In most cases, data files do not contain executable code.
Alternatively, an executable file performs a particular function on a computer. When an executable file is opened, the function is “executed” according to the code contained within the file. Unlike data files, executable files cannot be read, because they are written in a compiled programming language.
You can usually identify an executable file by its file extension. On most Microsoft-based software, executable files end in .COM or .EXE; on macOS, they end in .DMG or .APP. In either case, these files will begin their designated operations as soon as they are opened.
What is packing?
Now that you have an understanding of an executable file, we can look at the act of “packing.” When an executable file is packed, the executable code (Read more...)
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Matthew Jones. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/DIw2svjoLvQ/