In order to prevent the reverse engineering of a malicious software program and to hinder the analysis of the program’s behaviour, malware developers may compress – or pack – their malicious programs, using a variety of methods combined with file encryption. Antivirus programs detect the results of the actions of Suspicious Packers, i.e. packed items.
There are ways to prevent packed files from being unpacked. For example, the packer may not fully decipher the code – only to the extent that it is executed – or the packer may only fully decrypt and launch a malicious program on a specific day of the week.
How Suspicious Packers can impact you
The main features that differentiate behaviours in the Suspicious Packers subclass are the type and number of packers used in the file compression process. The Suspicious Packers subclass of malware includes the following behaviours:
- Suspicious Packer
Objects that have been compressed, using packers that are designed to protect malicious code against detection by antivirus products - MultiPacked
Files that have been packed several times, using a variety of packers. - Rare Packer
Files that have been compressed by packers that are rarely encountered – for example, packers that demonstrate a proof of concept.
How to protect yourself against Suspicious Packers
Installing effective anti-malware software on all of your devices – including PCs, laptops, Macs, smartphones and tablets – and keeping your anti-malware solution updated, can protect you against Suspicious Packers. Kaspersky Anti-Virus – will detect and prevent a vast range of malicious software programs and suspicious software on your PC, while Kaspersky Internet Security for Android delivers world-class virus protection for Android smartphones. Kaspersky Lab has products that protect the following devices:
- Windows PCs
- Linux computers
- Apple Macs
- Smartphones
- Tablets
Other articles and links related to Suspicious Packers