A survey on run-time packers and mitigation techniques

The battle between malware analysts and malware authors is a never-ending challenge with the advent of complex malware such as polymorphic, metamorphic, and packed malware. A malware packer uses various techniques combined with file encryption to harden against reverse engineering of the program and hinder the analysis of program behaviors. In any case, substantial elements have emerged after more than a decade of continuous research in malware packer detection, such as multi-packing. Newly modified packers have this persistent problem, which demands new concepts and techniques. This study aims to provide a systematic and comprehensive review of run-time packers’ mitigation techniques. We provide different types of packers and propose a malware packer handling life cycle for AV engines. Furthermore, we deliver a modern malware packers classification features set by examining the feature engineering in the packing handling life-cycle, such as feature extraction techniques in machine learning approaches. Also, we present extensive related works and discuss each work’s benefits and weaknesses to address this problem, with a particular emphasis on packers identification techniques, to aid in unpacking malware. Finally, we identify the current gaps in knowledge and provide ideas about future work.