Polymorphic malware

From CNM Wiki
Jump to: navigation, search

Polymorphic malware is malware that changes each instance to avoid detection. It typically has two parts: the decryptor and the encrypted program body. Each instance can encrypt the malware program differently and hence has a different decryptor; however, once decrypted, the same malware code is executed. (contrast with metamorphic malware).

Definitions

According to the CyBOK (version 1),

Polymorphic malware. Malware that changes each instance to avoid detection. It typically has two parts: the decryptor and the encrypted program body. Each instance can encrypt the malware program differently and hence has a different decryptor; however, once decrypted, the same malware code is executed. (contrast with metamorphic malware).
Retrieved from "https://pravka.bskol.com/w/index.php?title=Polymorphic_malware&oldid=54452"