Mario A. López, Frisk Software Intl., Iceland
Emulation based unpacking? Too slow.
Static unpacking? Too specific.
Why not both?
We present here an overview of the current F-PROTs AV engine's Win32 PE file format packers/protectors handling capabilities, that make use of both apporaches together to deal with the problem. In combination with a flexible data base driven AV engine architecture, it has become a very important element in F-PROT's technology to deal with the always increasing malware production volume. Let's take a look.