Malware Components: Packer, Crypter and Protector

Here is a description of each of these components.

The common feature of these three elements is their purpose.

Each of these tools protects the payload, which is the malware itself, against reverse engineering. Malware developers add specific code to disguise the malicious code. The main aim is to conceal the payload from the victim and from investigators trying to analyze it.

Runtime packers (packers for short, also known as self-extracting archives) are software that unpacks itself in memory when the packed file is executed. They were designed to reduce file size, so that users would not need to unpack files manually before running them. Given the capacity of modern portable media and current network speeds, small file sizes are no longer a necessity. Today such packers are used to make reverse engineering more complicated, with the additional advantage of a smaller footprint on the affected devices.

Obfuscation is the simplest method used by crypters, while encoding is considered a more complex technique. Obfuscation is often used for JavaScript and VBScript code. A crypter's function is not only to encode a file, but also to make the disguised executable difficult for security vendors to find. The same is true of some packers. FUD (Fully Undetectable) is another term applied to such tools; remaining unnoticed by every security vendor is the long-cherished goal of their creators. But if developers can stay hidden for a time, and then easily modify their files again once they are noticed, they will be satisfied with that.
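The following Python example is added here and is not from the original article: it measures byte entropy, a common defender heuristic, over the same constructed sample in plain, single-byte-XOR-obfuscated and zlib-compressed form, to show which of the transformations described above it can flag. The sample data, the XOR key, the 7.0 threshold, the use of zlib as a stand-in for a packer's compression, and all function names are assumptions made for illustration.

```python
import math
import random
import zlib
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def xor_encode(data: bytes, key: int) -> bytes:
    """Single-byte XOR, standing in for the simplest crypter-style obfuscation."""
    return bytes(b ^ key for b in data)

def flag_high_entropy(data: bytes, threshold: float = 7.0) -> bool:
    """Heuristic: compressed or encrypted data sits close to 8 bits per byte.
    The 7.0 cut-off is an assumed triage value, not a standard."""
    return shannon_entropy(data) >= threshold

def build_sample(words: int = 20000, seed: int = 1) -> bytes:
    """Constructed stand-in for an unpacked program body (not a real binary)."""
    vocab = [b"mov", b"push", b"call", b"ret", b"eax", b"ebx", b"[esp+4]", b"jmp",
             b"cmp", b"0x10", b"lea", b"xor", b"pop", b"test", b"ecx", b"nop"]
    rng = random.Random(seed)
    return b" ".join(rng.choice(vocab) for _ in range(words))

def survey() -> dict:
    """Entropy and flag result for the same bytes in three forms."""
    plain = build_sample()
    variants = {
        "plain": plain,
        "xor_obfuscated": xor_encode(plain, 0x5A),
        # zlib is an assumed stand-in for the compression a packer applies
        "compressed": zlib.compress(plain, 9),
    }
    return {name: (round(shannon_entropy(blob), 3), flag_high_entropy(blob))
            for name, blob in variants.items()}

if __name__ == "__main__":
    for name, (entropy, flagged) in survey().items():
        print(f"{name:15s} entropy={entropy:.3f} flagged={flagged}")
```

Compression pushes entropy toward 8 bits per byte and trips the flag, while single-byte XOR only relabels byte values and leaves entropy unchanged, so entropy is a useful triage signal for packing but has to be paired with other signals for simple obfuscation.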

A protector guards programs against cracking and reverse engineering. Packing and encoding are the methods this software uses most often. In addition, extra features that surround the payload with protective layers make reverse engineering more complicated.

Code virtualization is another technique that falls within the protectors' domain. It secures an application by using its own, varying set of virtual instructions. Professional versions of these protectors are used in the gaming industry against illegal use of software. The protection is effective enough that the encryption key can be embedded in the ransomware. A notable example is Locky Bart, which uses WProtect, an open-source code-virtualization project.