
what is Malware.Packer.Krunchy


tastypoison


Hello,

I have some software files that have been sitting on my storage drive since 2007. I have scanned these same files with MBAM multiple times in the past with no alarms, but now one of the files gets flagged as Malware.Packer.Krunchy.

When I pull up the vendor info, it says that Malware.Packer.Krunchy was first spotted on 2009-09-02.

Since I have had this file since 2007, is this a false positive?

Thanks,

TP


It is detected as malware because it is packed with a packer which, in 99% of cases, is used with malware.

http://www.malwarebytes.org/malwarenet.php....Packer.Krunchy

I would avoid it until an expert sees this post. Regards...

EDIT: See if we can find a moderator to move this into the F/P forum so we don't have a dup. post.

EDIT 2: All I could find until the issue is addressed here:

http://www.threatexpert.com/report.aspx?md...4bbc034927aa073


A packer serves 3 purposes. The first is much like a zip file, as it can reduce the size of a file. We are in the age of 2 TB hard drives so this hardly matters any more, so the second and third purposes now dominate. Purpose #2 is to obscure the underlying code because, like a zip file, you can't just look at the file and tell what the original was. The third purpose is to obscure the code in a semi-random way so that no two files (even if the pre-packed files are identical) are the same.

Some coders (for reasons that escape me) like using packers that typically are only used by malware writers. This is a major PITA to deal with, as building defs that attack the malware packer but not the legit files is not an easy task.

I hope this helps.

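The three packer purposes described in the post above, shown as an added example that is not part of the original thread: a toy transform (compress, then mask with a per-run random seed) applied to a constructed payload, measured the way a scanner sees it. The names `toy_pack`, `toy_unpack` and `report` and the payload are hypothetical; no real packer or executable format is modelled.

```python
import hashlib, math, os, zlib
from collections import Counter

# Constructed stand-in for an unpacked program body (repetitive, readable strings).
PAYLOAD = "".join(f"iteration {i}: digit block {i * i % 9973}\n"
                  for i in range(2000)).encode()

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; values near 8.0 look random."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def _keystream(seed: bytes, length: int) -> bytes:
    """Expand a seed into `length` masking bytes with SHA-256 in counter mode."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hashlib.sha256(seed + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(out[:length])

def toy_pack(data: bytes) -> bytes:
    """Purpose 1: compress. Purposes 2 and 3: mask with a fresh random seed.
    Layout (assumed for this example): 16-byte seed || masked body."""
    seed = os.urandom(16)
    body = zlib.compress(data, 9)
    return seed + bytes(a ^ b for a, b in zip(body, _keystream(seed, len(body))))

def toy_unpack(blob: bytes) -> bytes:
    """What an unpacking stub does at run time: unmask, then decompress."""
    seed, body = blob[:16], blob[16:]
    return zlib.decompress(bytes(a ^ b for a, b in zip(body, _keystream(seed, len(body)))))

def report() -> dict:
    """Pack the same input twice and compare what a scanner can observe."""
    first, second = toy_pack(PAYLOAD), toy_pack(PAYLOAD)
    return {
        "sizes": (len(PAYLOAD), len(first)),
        "entropy": (round(entropy(PAYLOAD), 2), round(entropy(first), 2)),
        "marker_visible": (b"digit block" in PAYLOAD, b"digit block" in first),
        "same_hash": hashlib.sha256(first).digest() == hashlib.sha256(second).digest(),
        "round_trip_ok": toy_unpack(first) == PAYLOAD and toy_unpack(second) == PAYLOAD,
    }

if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

Because hashes and embedded strings of the packed body carry no stable signal, a definition can only key on the unpacking stub or on traits such as high entropy, and those are shared by every file run through the same packer, legitimate or not.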

Thanks for the explanation.

Same problem for me today, and only in SAFE MODE.

The suspected file is super_pi_mod.exe, which has been on my computer for a very long time and has never been suspected by various software, including MBAM, until today.

  • 1 year later...
Some coders (for reasons that escape me) like using packers that typically are only used by malware writers. This is a major PITA to deal with, as building defs that attack the malware packer but not the legit files is not an easy task.

I hope this helps.

You're missing quite a few reasons as to why coders use packers. One would be to reduce file size, which reduces bandwidth use (old software, updates, etc.); another would be in intros & demos, where there might or might not be a specific file size requirement for the compo (40k, 64k, etc.). Make something fit on a floppy/CD/DVD.

Didn't mean to necro an ancient thread, but when I googled 'Malware.Packer.Krunchy' after MBAM hit on a few intros, I was curious and felt I could prevent some people from deleting non-infected files.


Archived

This topic is now archived and is closed to further replies.
