tastypoison

what is Malware.Packer.Krunchy


Hello,

I have some software files that have been sitting on my storage drive since 2007. I have scanned these same files with MBAM multiple times in the past with no alarms, but now one of the files gets flagged as Malware.Packer.Krunchy.

When I pull up the vendor info, it says that Malware.Packer.Krunchy was first spotted on 2009-09-02.

Since I have had this file since 2007, is this a false positive?

Thanks,

TP


It is detected as malware because it is packed with a packer, which in 99% of the cases, is used with malware.

http://www.malwarebytes.org/malwarenet.php....Packer.Krunchy

I would avoid it, until an expert sees this post. regards...

EDIT: see if we can find a moderator to move this into the F/P forum so we don't have a dup. post.....

EDIT 2: all I could find until the issue is addressed here:

http://www.threatexpert.com/report.aspx?md...4bbc034927aa073

> It is detected as malware because it is packed with a packer, which in 99% of the cases, is used with malware.

What is a packer?


A packer serves 3 purposes. The first is much like a zip file, as it can reduce the size of a file. We are in the age of 2 TB hard drives so this hardly matters any more, so the second and third purposes now dominate. Purpose #2 is to obscure the underlying code because, like a zip file, you can't just look at the file and tell what the original was. The third purpose is to obscure the code in a semi-random way so that no two files (even if the pre-packed files are identical) are the same.

Some coders (for reasons that escape me) like using packers that typically are only used by malware writers. This is a major PITA to deal with, as building defs that attack the malware packer but not the legit files is not an easy task.

I hope this helps.

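The three purposes described in the post above, modelled on a byte string as an added example (not part of the original thread and not any real packer's code). `STUB`, `toy_pack`, `stub_signature_hits` and the sample payload are constructed for illustration; the last two results show why a definition written against the packer's stub fires on every file packed with it, whatever the payload is.

```python
import hashlib
import os
import zlib

# Constructed stand-in for a packer's fixed unpacking stub (hypothetical bytes).
STUB = b"TOYSTUB\x00unpack-v1"
KEY_LEN = 16

def _mask(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key (masking only, not real encryption)."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def toy_pack(payload: bytes) -> bytes:
    """Model of a packer: compress, mask with a fresh random key, prepend stub."""
    key = os.urandom(KEY_LEN)
    return STUB + key + _mask(zlib.compress(payload, 9), key)

def toy_unpack(packed: bytes) -> bytes:
    """What the stub does at run time: recover the original bytes."""
    key = packed[len(STUB):len(STUB) + KEY_LEN]
    return zlib.decompress(_mask(packed[len(STUB) + KEY_LEN:], key))

def stub_signature_hits(sample: bytes) -> bool:
    """Packer-family definition: matches the stub, knows nothing of the payload."""
    return sample.startswith(STUB)

def compare(payload: bytes, marker: bytes) -> dict:
    """Pack the same input twice and report what a scanner can observe."""
    a, b = toy_pack(payload), toy_pack(payload)
    digest_a = hashlib.sha256(a).hexdigest()
    digest_b = hashlib.sha256(b).hexdigest()
    return {
        "smaller": len(a) < len(payload),               # purpose 1: size
        "marker_visible": marker in a or marker in b,   # purpose 2: obscured
        "hashes_differ": digest_a != digest_b,          # purpose 3: never the same
        "round_trip": toy_unpack(a) == payload == toy_unpack(b),
        "stub_hits": stub_signature_hits(a) and stub_signature_hits(b),
        "plain_hits": stub_signature_hits(payload),
    }

# Constructed sample input: harmless, repetitive bytes with a readable marker.
MARKER = b"compute digits of pi"
PAYLOAD = (b"constructed benign program: " + MARKER + b"\n") * 200

if __name__ == "__main__":
    for name, value in compare(PAYLOAD, MARKER).items():
        print(f"{name}: {value}")
```

Because the two packed outputs hash differently, a per-file hash definition cannot cover them, while the stub match covers both without saying anything about what was packed.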

Thanks for the explanation.

Same problem for me today and only in SAFE MODE.

The suspected file is super_pi_mod.exe, which has been on my computer for a very long time and has never been suspected by various software including MBAM until today.

> Some coders (for reasons that escape me) like using packers that typically are only used by malware writers. This is a major PITA to deal with, as building defs that attack the malware packer but not the legit files is not an easy task.
>
> I hope this helps.

You're missing quite a few reasons as to why coders use packers. One would be to reduce file size, which reduces bandwidth use (old software, updates, etc.); another would be in intros & demos, where there might or might not be a specific file size requirement for the compo (40k, 64k, etc.). Make something fit on a floppy/CD/DVD.

Didn't mean to necro an ancient thread, but when I googled 'Malware.Packer.Krunchy' when MBAM hit up a few intros I was curious and felt I could prevent some people from deleting non-infected files.
