hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
Full Version: Top 10 Packers?
GovernmentSecurity.org > System Security > Trojan & Virus Errata
sk3tch
Mar 13 2005, 04:08 AM
Hi everyone,

I'm doing research on anti-virus (AV) software and I want to test each vendor's ability to handle the most popular packers/crypters/etc. As many of you know, the more packers an AV package supports, the higher the likelihood that they'll detect new variants that have just simply been repacked. Many vendors use the packed file (versus the contents of the packed file) for their signatures - this is wrong and inefficient! Help me outline the "vulnerable" AV packages.

Here is a good link with a bunch of packers listed if you need your memory jogged -

http://protools.reverse-engineering.net/packers.htm

Please list your top 10...

Thank you very much in advance!!!

saetji
Mar 13 2005, 04:34 AM
1. Manual Packing (ie ME!!!!)
2. Aspack
3. Morphine(assuming you're including encrypters or whatever morphine comes under)
4. UPX

Ive heard armadillo is good but i dont ahve a full version of it to test it out so cant help there. Other packers/enncrypters which I might consider using are pervert & pex but I never have done so before
sk3tch
Mar 13 2005, 05:46 AM
Thanks saetji, I edited my post - yes, I am referring to packers, crypters, and any other file "protector" to hide from AV.
kbnet
Mar 13 2005, 09:28 AM
1. UPX
2. Morphine
3. ASPack

Thats all I have ever used. Only chose to use those compressors because of the amount of coverage and respect these products get so I thought I should give them a try. UPX and ASPack are commonly used in the field, Symantec has mentioned loads of viruses where these packers have been used.

If you haven't thought about this already I would recommend writing a script which would go through each packer and each packer will pack the original file. Simple BAT file will do the job.

CODE

@echo off
echo Compressing with UPX...
@c:\packers\upx\upx %1
echo Compressing with ASPack...
@c:\packers\aspack\aspack %1
etc...


Should save you alot of time.

Good look with your research.
jhdscript
Mar 13 2005, 09:39 AM
FSG
ASPACK
MORPHINE + EXESTEALPH
ash^
Mar 13 2005, 12:20 PM
1. ASPACK
2. PECOMPACT
3. YodaCrypt
4. Morphine
5. UPX
6. FSG

Mix them together and hide the headers and you can get alot of files undectable from AV's tongue.gif
B3T4
Mar 13 2005, 11:05 PM
i use molebox often for these things

sk3tch, for who are u doing research for? smile.gif
AdmiralB
Mar 14 2005, 01:18 AM
SOME UNKNOWN CRAP
UPX
MORPHINE
FSG
METAHUMAN
May 22 2005, 09:33 AM
1.) MEW
2.) MEW
3.) MEW
4.) FSG
5.) UPX
These are my choices! smile.gif !
Mr_X
May 22 2005, 11:16 AM
1. Mew
2. UPX
3. FSG
4. Morphine (not really a packer)
belgther
May 22 2005, 12:27 PM
ASProtect is my favourite, then comes ASPack, then Petite, and Shrinker, then UPX...
HnX
Jun 23 2005, 12:02 PM
1. Mew
2. FSG
3. UPX


My Top Packers List tongue.gif
nolimit
Jun 23 2005, 10:30 PM
Uhh, Packing is gay. I just code my own stuff, then it's never in vscans.

Pointless response, nolimit. It has nothing to do with the topic. wink.gif
netxman
Jul 2 2005, 04:10 AM
Nspack (From China)

Aspack (More universal)

Upx (More universal)

Morphine (Better for encrypt)

tuttefrut
Jul 2 2005, 06:29 PM
morphine and upx normally do the trick
CombatWombat
Jul 3 2005, 12:21 PM
1.UPX
2.MEW
3.Morphine
roder
Jul 4 2005, 02:05 AM
Upack
Mew 1.2
Morphine
upx + upolyx
spikje
Jul 5 2005, 08:31 AM
1.UPX
2.Aspack
3.FSG(asm only)
then I apply a recompiled morphine smile.gif
w00x
Jul 9 2005, 12:37 PM
upack
fsg
packman
morph
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.