Monday, 21 September 2009

Example of the importance of unpacking

Hi, malware collectors of the world!

Today I will make an entry in the blog to talk about the importance of unpacking packed samples.

Remember that by packed samples I mean setup programs, installers, embedded files, files that can be dropped to disk, and self-extracting archives (RAR, ZIP, etc.).

KAV can help you identify that kind of file: just enable the "Show pack info in the report" option, which you can find in the "Options" menu.

To show the importance of unpacking, here is an example.

9E3F66B6.EX_ is a packed file. Let's see how long KAV needs to scan it:

c:\test\9E3F66B6.EX_/file7 Infected Backdoor.Win32.PcClient.bdud
Scan time 05:50

Almost 6 minutes to scan the packed file! And that is on a Core i7 computer!!!

Imagine you have 300 files like that one. Scanning them would take over a full day, probably much more on slower computers, just for 300 files. Crazy!

Now let's see how long it takes to detect the same sample once it has been extracted from the packed file:

c:\test\MSDN_VC.EXE Infected Backdoor.Win32.PcClient.bdud
Scan time 00:00

The file is scanned in no time.

Big, big difference, isn't it?

Now you should realize the real importance and impact that unpacking can have on the time required to scan your collection.
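One way to put this into practice on a whole collection, as an added example that is not the post's own script and has nothing to do with KAV: walk the collection, recognize container files by their leading bytes, unpack the ZIP ones into a staging directory, and hand the scanner the flat list of inner files. Because the archives are malware samples, the extraction refuses member names that would escape the staging directory (path traversal) and caps the decompressed size (archive bombs). The file names, magic-byte table, limits and the `demo()` collection are all constructed for this example; RAR, 7z and gzip containers are only flagged, since unpacking them needs tools outside the Python standard library.

```python
import hashlib
import os
import tempfile
import zipfile
from pathlib import Path

# Leading bytes of container formats a sample collection commonly holds.
# ZIP and RAR are the ones the post names; the other two are assumptions added here.
CONTAINER_MAGIC = {
    b"PK\x03\x04": "zip",
    b"Rar!\x1a\x07": "rar",
    b"7z\xbc\xaf\x27\x1c": "7z",
    b"\x1f\x8b": "gzip",
}
MAX_NESTING = 3                    # stop unpacking archives nested inside archives beyond this depth
MAX_UNPACKED = 200 * 1024 * 1024   # per-archive cap on decompressed bytes (archive-bomb guard)


def container_type(path: Path):
    """Return the container format of a file from its magic bytes, or None for a plain file."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    for magic, name in CONTAINER_MAGIC.items():
        if head.startswith(magic):
            return name
    return None


def safe_extract_zip(archive: Path, dest: Path):
    """Extract every member of a ZIP into dest, refusing path traversal and oversized output."""
    dest = dest.resolve()
    dest.mkdir(parents=True, exist_ok=True)
    written, total = [], 0
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Resolve the member's final path and require it to stay under dest ("zip slip").
            target = (dest / info.filename).resolve()
            if os.path.commonpath([str(dest), str(target)]) != str(dest):
                raise ValueError(f"{archive.name}: member {info.filename!r} escapes {dest}")
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                # Count the bytes actually decompressed instead of trusting the header's file_size.
                while chunk := src.read(64 * 1024):
                    total += len(chunk)
                    if total > MAX_UNPACKED:
                        raise ValueError(f"{archive.name}: more than {MAX_UNPACKED} decompressed bytes")
                    dst.write(chunk)
            written.append(target)
    return written


def flatten_collection(root: Path, staging: Path):
    """Walk a collection, unpack ZIP containers (bounded recursion) and return
    (files_to_scan, skipped): plain files a scanner should be pointed at, and
    containers that were refused or could not be unpacked, with the reason."""
    queue = [(p, 0) for p in sorted(root.rglob("*")) if p.is_file()]
    to_scan, skipped = [], []
    while queue:
        path, depth = queue.pop(0)
        kind = container_type(path)
        if kind is None:
            to_scan.append(path)
        elif kind == "zip" and depth < MAX_NESTING:
            # Stage each archive under a directory named by its SHA-256, so two copies of the
            # same container never collide and every inner file records where it came from.
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            try:
                members = safe_extract_zip(path, staging / digest)
            except (ValueError, zipfile.BadZipFile) as exc:
                skipped.append((path, str(exc)))
                continue
            queue.extend((m, depth + 1) for m in members)
        else:
            skipped.append((path, f"{kind} container at nesting depth {depth}: not unpacked"))
    return to_scan, skipped


def demo():
    """Constructed collection in a temp dir: one plain file, one ZIP wrapping an inner file,
    and one ZIP whose member name tries to climb out of the staging directory.
    Returns (names to scan, names of refused containers). Not the post's samples."""
    base = Path(tempfile.mkdtemp(prefix="unpack-demo-"))
    coll, staging = base / "collection", base / "staging"
    coll.mkdir()
    (coll / "plain.bin").write_bytes(b"MZ" + b"\x00" * 32)
    with zipfile.ZipFile(coll / "bundle.zip", "w") as zf:
        zf.writestr("inner/dropped.exe", b"MZ" + b"\x00" * 32)
    with zipfile.ZipFile(coll / "evil.zip", "w") as zf:
        zf.writestr("../../escape.bin", b"x")  # path-traversal member, must be refused
    to_scan, skipped = flatten_collection(coll, staging)
    return sorted(p.name for p in to_scan), sorted(p.name for p, _ in skipped)


if __name__ == "__main__":
    print(demo())  # (['dropped.exe', 'plain.bin'], ['evil.zip'])
```

Keep the staging directory outside the collection root, otherwise the walk picks up its own extracted output on the next run. The list returned by `flatten_collection` is what you feed to the scanner; the `skipped` list is worth reviewing by hand, since a refused archive is itself a finding about the sample.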

See you in the next post!
