Virus authors frequently pack their malware using run-time packers such as UPX, PECompact and Upack in order to evade anti-virus software. When the malware is unpacked, various functions intended to impede analysis, or to make it more difficult to find entry points into the malware, are executed. Piotr Bania has presented a concept which allows these evasive measures to be circumvented in a manner more or less independent of the algorithm used and entry points for further analysis to be found.
Poitr Bana: Generic Unpacking of Self-modifying, Aggressive, Packed Binary Programs