08/08/2011
kkrunchy and false positives
I have been using the kkrunchy EXE packer (link) for a while, but I only noticed now that the resulting EXEs were way too often reported as malicious by antivirus software. VirusTotal (link) reports a 35% detection rate, which is way too high to ignore. Googling around, I found the following quote (link) from ryg (of Farbrausch fame), the guy behind the amazing kkrunchy:
long story short: i’m done with exe packers. the overall win32 environment is just too hostile towards packed EXEs for me to bother with it
That really saddens me; that was the best tool around. But being the best means a lot of malicious software used it to hide itself, and the baby got thrown out with the bathwater.
Looks like I’ll have to turn to UPX (link), which is a bit less efficient but is only reported as suspicious by 5% of the antivirus engines on VirusTotal (namely by TrendMicro).
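For readers wondering why packed executables trip antivirus heuristics at all, here is an added illustration (my own code, not from the original post or from the kkrunchy/UPX projects). A packer compresses the program's code and data into near-random bytes and prepends a small unpacking stub, so the packed sections show an entropy close to the 8 bits/byte maximum, while ordinary x86 code sits well below that; UPX additionally writes recognisable section names (UPX0, UPX1, UPX2). The script parses a PE section table, reports per-section entropy, and flags the indicators on two minimal PE images constructed inline as stand-ins for a UPX-packed and an unpacked binary. The 7.0 bits/byte threshold, the sample layouts and the indicator list are my assumptions; kkrunchy's own section layout is not modelled.

```python
import math
import random
import struct
from collections import Counter

# Added example, not code from the original post or from kkrunchy/UPX.
# Parses a PE section table and scores each section's Shannon entropy, the
# kind of heuristic that makes AV engines treat packed EXEs as suspicious.

ENTROPY_THRESHOLD = 7.0   # assumption: compressed data sits near 8 bits/byte, plain code well below
KNOWN_PACKER_SECTIONS = {"UPX0", "UPX1", "UPX2"}   # names UPX writes; kkrunchy is not modelled

COFF_HDR = "<HHIIIHH"          # IMAGE_FILE_HEADER, 20 bytes
SECTION_HDR = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes) -> list:
    """Return [(name, raw_offset, raw_size)] from the section table of a PE image."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsections, _ts, _symptr, _nsyms, opt_size, _chars = struct.unpack_from(COFF_HDR, pe, coff)
    table = coff + struct.calcsize(COFF_HDR) + opt_size
    sections = []
    for i in range(nsections):
        fields = struct.unpack_from(SECTION_HDR, pe, table + i * struct.calcsize(SECTION_HDR))
        name = fields[0].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = fields[3], fields[4]
        if raw_ptr + raw_size > len(pe):   # truncated or malformed file: refuse rather than misreport
            raise ValueError(f"section {name!r} points past end of file")
        sections.append((name, raw_ptr, raw_size))
    return sections


def section_report(pe: bytes) -> list:
    """[(name, raw_size, entropy)]; sections with no raw data (e.g. UPX0) get 0.0."""
    return [(name, size, shannon_entropy(pe[ptr:ptr + size])) for name, ptr, size in parse_sections(pe)]


def packing_indicators(pe: bytes) -> list:
    """Human-readable reasons this image looks packed; empty list if none."""
    reasons = []
    for name, size, entropy in section_report(pe):
        if name in KNOWN_PACKER_SECTIONS:
            reasons.append(f"section name {name!r} is a UPX signature")
        if size and entropy >= ENTROPY_THRESHOLD:
            reasons.append(f"section {name!r}: entropy {entropy:.2f} bits/byte over {size} bytes")
    return reasons


def build_pe(sections) -> bytes:
    """Constructed minimal PE32 image (DOS stub, headers, then the given (name, data) sections)."""
    opt_size, file_align, e_lfanew = 224, 0x200, 0x40
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    headers_len = e_lfanew + 4 + struct.calcsize(COFF_HDR) + opt_size + struct.calcsize(SECTION_HDR) * len(sections)
    first_raw = (headers_len + file_align - 1) & ~(file_align - 1)
    raw_ptr, vaddr, table, body = first_raw, 0x1000, b"", b""
    for name, data in sections:
        padded = (len(data) + file_align - 1) & ~(file_align - 1)
        table += struct.pack(SECTION_HDR, name.ljust(8, b"\0"), max(len(data), 0x1000), vaddr,
                             len(data), raw_ptr if data else 0, 0, 0, 0, 0, 0x60000020)
        body += data.ljust(padded, b"\0")
        raw_ptr += padded
        vaddr += (max(len(data), 1) + 0xFFF) & ~0xFFF
    coff = struct.pack(COFF_HDR, 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt_size) + table
    return image.ljust(first_raw, b"\0") + body


# Constructed samples, not real packer output.
_rng = random.Random(0xC0FFEE)
PACKED_SAMPLE = build_pe([
    (b"UPX0", b""),                                               # UPX0 is unpack space, no raw data
    (b"UPX1", bytes(_rng.getrandbits(8) for _ in range(4096))),   # random bytes stand in for compressed code
])
PLAIN_SAMPLE = build_pe([
    (b".text", bytes(range(64)) * 64),              # 64 distinct byte values: exactly 6.0 bits/byte
    (b".data", (b"\x00" * 7 + b"\x01") * 512),      # mostly zeros, as initialised data often is
])

if __name__ == "__main__":
    for label, pe in (("packed", PACKED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        for name, size, entropy in section_report(pe):
            print(f"{label:6} {name:8} {size:6d} bytes  {entropy:.2f} bits/byte")
        print(f"{label:6} indicators: {packing_indicators(pe) or 'none'}")
```

Run it on a real binary by reading the file into `bytes` and calling `packing_indicators`; an entropy hit alone is only a heuristic (encrypted resources or embedded archives look the same), which is exactly why engines that rely on it produce the false positives described above.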