
Binary packing is the technique of compressing (and often also encrypting) an executable file so that its original code and data are not visible on disk, making it harder for security tools to detect or analyze it.
Binary packing takes an original binary and transforms it with a software tool called a packer (or compressor). The packer writes a new binary that is smaller and has a different structure: the compressed payload plus a small unpacking stub. When the packed file is executed, the stub runs first, restores the original code and data in memory, and then transfers control to the original entry point. The packer tool itself is not needed on the machine that runs the file, and the original code exists only in memory after the stub has run, which is why memory dumps and dynamic analysis are the usual ways to recover it.
Binary packing makes it harder for security tools to identify and analyze malicious code, because the bytes on disk no longer match signatures or file-structure rules written for the unpacked code. It is particularly effective against antivirus and intrusion detection systems that rely on static, signature-based detection. The packed file is not invisible, though: the compressed body has high entropy, section layouts and entry points become unusual, and the unpacking stub itself can be fingerprinted, so many scanners treat these traits as a signal to unpack the file or run it in a sandbox before deciding.
Binary packing is also used for legitimate purposes, such as shrinking large executables for distribution or reducing the size of software updates, so a file being packed is by itself a weak indicator of malice. Security tools therefore cannot rely on packing alone: they must recognize known packers, unpack or emulate the file to inspect the real payload, or judge it by its behavior at run time, in order to tell legitimate uses from malicious ones.
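The following example, added here and not part of the original page, shows the effect described above in working code. It uses a toy packer (zlib compression behind a made-up 8-byte header; the header format, the signature list and the payloads are all constructed for this example, and unpack() stands in for the unpacking stub a real packer embeds in the file). A static signature scan matches the raw payload, stops matching once the payload is packed, and matches again only after the detector unpacks it; the entropy heuristic flags the packed file but flags a packed benign payload just the same, which is why entropy alone cannot separate legitimate from malicious packing.

```python
import math
import random
import struct
import zlib
from collections import Counter

# Constructed, benign byte pattern standing in for a malware signature.
SIGNATURES = {"demo-marker": b"CONSTRUCTED_MALWARE_MARKER_v1"}

# Toy packer header (an assumption of this example, not a real packer format):
# magic plus the original length. A real packer also prepends an unpacking
# stub that restores the payload in memory at run time; unpack() plays that role.
MAGIC = b"TPK1"
HEADER = struct.Struct("<4sI")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, close to 8.0 for random-looking data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def signature_scan(data: bytes, signatures=SIGNATURES) -> list[str]:
    """Static, signature-based scan: names of signature byte strings found in data."""
    return [name for name, sig in signatures.items() if sig in data]


def pack(payload: bytes) -> bytes:
    """Compress the payload and prepend the toy header."""
    return HEADER.pack(MAGIC, len(payload)) + zlib.compress(payload, 9)


def unpack(blob: bytes) -> bytes:
    """Undo pack(); raises ValueError if the blob is not a toy-packed file."""
    if len(blob) < HEADER.size:
        raise ValueError("blob too short")
    magic, length = HEADER.unpack_from(blob)
    if magic != MAGIC:
        raise ValueError("not a toy-packed file")
    payload = zlib.decompress(blob[HEADER.size:])
    if len(payload) != length:
        raise ValueError("length mismatch")
    return payload


def looks_packed(data: bytes, threshold: float = 7.0) -> bool:
    """Entropy heuristic used by scanners: compressed or encrypted bodies sit near 8 bits/byte."""
    return shannon_entropy(data) > threshold


def analyze(blob: bytes) -> dict:
    """Scan the bytes as found on disk, then scan again after unpacking them."""
    report = {
        "entropy": round(shannon_entropy(blob), 2),
        "looks_packed": looks_packed(blob),
        "static_hits": signature_scan(blob),
        "unpacked_hits": [],
    }
    try:
        report["unpacked_hits"] = signature_scan(unpack(blob))
    except (ValueError, zlib.error):
        pass  # not packed with our toy format: nothing more to inspect statically
    return report


def constructed_payload(marker: bytes = b"", size: int = 4000) -> bytes:
    """Constructed low-entropy body: a 16-symbol alphabet drawn from a seeded PRNG."""
    rng = random.Random(7)
    alphabet = bytes(range(0x41, 0x51))  # 'A'..'P'
    return marker + bytes(rng.choice(alphabet) for _ in range(size))


if __name__ == "__main__":
    malicious = constructed_payload(SIGNATURES["demo-marker"])
    benign = constructed_payload(b"hello from a legitimate installer")
    for label, blob in (("raw", malicious), ("packed", pack(malicious)), ("packed-benign", pack(benign))):
        print(label, analyze(blob))
```

Run it and compare the three reports: "raw" has a static hit and low entropy, "packed" has no static hit but a high entropy and a hit only in unpacked_hits, and "packed-benign" has the same high entropy with no hit at all. A real detector replaces unpack() with packer identification, an emulator, or a memory dump taken after the stub has run.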