Attackers go to great lengths to protect their binary from anti-virus detection and to make it difficult for a malware analyst to perform static analysis and reverse engineering. Malware authors often use packers and cryptors (see Chapter 2, Static Analysis, for a basic introduction to packers and how to detect them) to obfuscate the executable content. A packer is a program that takes a normal executable, compresses its contents, and generates a new obfuscated executable. A cryptor is like a packer instead of compressing the binary; it encrypts it. In other words, a packer or cryptor transforms an executable into a form that is difficult to analyze. When a binary is packed, it reveals very less information; you will ...