Alienyze Packers

Alienyze is a software packer designed to compress executable files, allowing them to reduce the file size of their software as much as possible.

Anti-Debugger techniques that detect and fool present debuggers
Anti-VM techniques that detect sandbox & virtualized environments
Protection from disassemblers and software analysis tools
Hardware …

AsPack Packers

ASPack is an EXE packer created to compress Win32 executable files and to protect them against reverse engineering.

The solution makes Windows programs and libraries smaller up to 70% what leads to a reduction in the download time of compressed applications in local networks and the Internet because of their smaller size compared to uncompressed apps.

The ASPack …

PEtite Packers

Petite is a free Win32 (Windows 95/98/2000/NT/XP/Vista/7/etc) executable (EXE/DLL/etc) compressor. The compressed executables decompress themselves at run time and can be used just like the original non-compressed versions.

Petite also adds virus detection to the compressed executables; they will check themselves for infection every time they are executed.

Crinkler Packers

Crinkler is a compressing linker for Windows, specifically targeted towards executables with a size of just a few kilobytes.

PECompact Packers

PECompact is a Windows executable compressor. It has a plugin system that offers virtually customization.

hXOR Packer Packers

hXOR Packer is a PE (Portable Executable) packer with Huffman Compression and Xor encryption.

The unpacker will decompress and decrypt the packed PE and execute it directly from memory without needing any hard disk space to execute.

PESpin Packers

PESpin is a Windows executable files protector, compressor coded in Win32ASM using MASM. Overall, this application will enable the compression of the entire executable - code, data, and resources, thus leaving the file protected against patching or disassembling.

Milfuscator Packers

Milfuscator is a tool used to obfuscate the code in a Portable Executable (PE) file by modifying and expanding the existing code in the ".text" section, without creating any new sections. It does this using the Zydis and AsmJit libraries, and is based on the concept of code mutation from a P2C project for the game Counter-Strike: Global Offensive. The …

Hijack Execution Flow: Path Interception by Search Order Hijacking Defense Evasion [Mitre]

Adversaries may execute their own malicious payloads by hijacking the search order used to load other programs. Because some programs do not call other programs using the full path, adversaries may place their own file in the directory where the calling program is located, causing the operating system to launch their malicious software at the request of the calling program.

…

Hijack Execution Flow: Path Interception by Unquoted Path Defense Evasion [Mitre]

Adversaries may execute their own malicious payloads by hijacking vulnerable file path references. Adversaries can take advantage of paths that lack surrounding quotations by placing an executable in a higher level directory within the path, so that Windows will choose the adversary's executable to launch.

Service paths and shortcut paths may also be vulnerable to path interception if the …

Search Evasion Techniques

Search Result