Unpacking, a hybrid approach

Mario A. López, Frisk Software Intl., Iceland


Emulation based unpacking? Too slow.


Static unpacking? Too specific.


Why not both?


We present here an overview of the current F-PROT AV engine's handling of Win32 PE file format packers and protectors, which combines both approaches to deal with the problem. Together with a flexible, database-driven AV engine architecture, it has become a very important element of F-PROT's technology for coping with the ever-increasing volume of malware production. Let's take a look.