Glossary

Packer

A tool that compresses or encrypts an executable and wraps it with a stub that decompresses/decrypts it at runtime before transferring control to the original code.

A packer takes an existing executable, applies compression or encryption, and prepends a small stub that reconstructs the original code in memory at runtime before jumping to the Original Entry Point (OEP). Originally designed for size reduction (UPX), packers are now widely used to hinder static analysis and defeat antivirus signatures. Packed binaries show a small .text section (the stub) and large, high-entropy sections holding the encrypted payload. Unpacking involves running the binary under a debugger, waiting for the stub to decompress the payload, and dumping the memory image at the OEP.
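
The section-entropy signature described above can be checked statically before any unpacking is attempted. The following is an added example, not part of the original glossary entry: it parses the PE section table and flags sections that are both high-entropy and larger than .text. The function names, the 7.0 bits-per-byte threshold and the sample image are assumptions constructed for illustration.

```python
import math
import struct
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for a uniform byte distribution."""
    n = len(data)
    return sum(c / n * math.log2(n / c) for c in Counter(data).values()) if n else 0.0

def section_entropies(pe: bytes):
    """Walk the PE section table and return [(name, raw_size, entropy)]."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsections,) = struct.unpack_from("<H", pe, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # section headers follow the optional header
    out = []
    for i in range(nsections):
        name, _vsize, _rva, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        body = pe[raw_ptr:raw_ptr + raw_size]
        out.append((name.rstrip(b"\0").decode("ascii", "replace"), raw_size, shannon_entropy(body)))
    return out

def suspicious_sections(sections, threshold=7.0):
    """Assumed heuristic: entropy >= threshold and larger on disk than .text."""
    text_size = next((size for name, size, _ in sections if name == ".text"), 0)
    return [name for name, size, h in sections if h >= threshold and size > text_size]

def build_sample(payload: bytes) -> bytes:
    """Constructed, non-executable PE skeleton: 512-byte .text plus a .data payload."""
    stub = b"\x90" * 0x200
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)              # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HH", hdr, 0x44, 0x14C, 2)         # Machine, NumberOfSections
    struct.pack_into("<8sIIII", hdr, 0x58, b".text", len(stub), 0x1000, len(stub), 0x200)
    struct.pack_into("<8sIIII", hdr, 0x80, b".data", len(payload), 0x2000, len(payload), 0x400)
    return bytes(hdr) + stub + payload

if __name__ == "__main__":
    # Constructed payloads: uniform bytes stand in for ciphertext, repeated text for plain data.
    for label, payload in (("packed-like", bytes(range(256)) * 256), ("plain", b"hello world " * 4096)):
        secs = section_entropies(build_sample(payload))
        print(label, [(n, s, round(h, 2)) for n, s, h in secs], suspicious_sections(secs))
```

High entropy alone is a triage signal rather than proof of packing, since legitimately compressed data embedded in a binary scores the same way.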