Packer.Malware.Crypter.H
First posted on 21 November 2011.
Source: BitDefender
Aliases :
There are no other names known for Packer.Malware.Crypter.H.
Explanation :
Files detected as Packer.Malware.Crypter.H are malware files which employ
a specific packer/protector to bypass AV detection and hide malware activity.
Detecting whether a file is packed is rather difficult and can only be done by
careful analysis, but here are some clues for detection:
- 3 or more sections with random string names
- section which contains the decryptor is the only one with write attribute
- imports are in the last section
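
The three clues above can be read straight from the PE headers. The following is an added example, not BitDefender's detection logic: it assumes a "random" name is any name outside a short list of common toolchain section names, it only checks that exactly one section is writable (it does not locate the decryptor), and `build_sample` produces constructed header-only input.

```python
import struct

# Assumption: "random" name = not one of these common toolchain section names.
COMMON = {".text", ".data", ".rdata", ".rsrc", ".reloc", ".idata", ".edata", ".pdata", ".bss", ".tls"}
MEM_WRITE = 0x80000000  # IMAGE_SCN_MEM_WRITE

def packer_clues(pe: bytes) -> dict:
    """Evaluate the three layout clues on raw PE header bytes."""
    if pe[:2] != b"MZ" or len(pe) < 0x40:
        raise ValueError("not an MZ image")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24
    # Data directories start at 96 (PE32) or 112 (PE32+); entry 1 is the import table.
    dirs = 96 if struct.unpack_from("<H", pe, opt)[0] == 0x10B else 112
    imp = struct.unpack_from("<I", pe, opt + dirs + 8)[0] if opt_size >= dirs + 16 else 0
    secs = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i
        name = pe[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, va = struct.unpack_from("<II", pe, off + 8)
        secs.append((name, va, vsize, struct.unpack_from("<I", pe, off + 36)[0]))
    odd = [s for s in secs if s[0] not in COMMON]
    writable = [s for s in secs if s[3] & MEM_WRITE]
    last_va, last_size = (secs[-1][1], max(secs[-1][2], 1)) if secs else (0, 0)
    return {
        "odd_names": len(odd) >= 3,
        "single_writable": len(writable) == 1,
        "imports_last": last_va <= imp < last_va + last_size,
    }

def build_sample(names, writable, imports_in):
    """Constructed PE32 header blob (headers only, no code) for exercising the check."""
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                               # PE32 magic
    struct.pack_into("<I", opt, 96 + 8, 0x1000 * (imports_in + 1))      # import table RVA
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, len(opt), 0x102)
    secs = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode(), 0x1000, 0x1000 * (i + 1), 0, 0, 0, 0, 0, 0,
                    0x60000020 | (MEM_WRITE if i == writable else 0)) for i, n in enumerate(names))
    return hdr + bytes(opt) + secs

if __name__ == "__main__":
    print(packer_clues(build_sample(["kqzvd", "wmxra", "pfhty"], 0, 2)))
    print(packer_clues(build_sample([".text", ".rdata", ".data"], 2, 1)))
```

A conventional layout can also have a single writable section, so the clues are only meaningful in combination and still call for manual analysis.
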
The packer isn't very complicated or obfuscated, but it employs long loops in which
data is decrypted to deter emulation.
In the wild, this packer/cryptor was first associated with Antivirus
2008 (a rogue antivirus).
Last update 21 November 2011