Polymorphic engine

This article needs additional citations for verification. Please help by adding citations to reliable sources. Unsourced material may be challenged and removed.
Find sources: – · · · scholar · JSTOR (January 2021) (Learn how and when to remove this template message)

Information security
Part of a series on

Related security categories
Computer security Automotive security Cybercrime Cybersex trafficking Computer fraud Cybergeddon Cyberterrorism Cyberwarfare Electronic warfare Information warfare Internet security Mobile security Network security Copy protection Digital rights management
Threats
Adware Advanced persistent threat Arbitrary code execution Backdoors Hardware backdoors Code injection Crimeware Cross-site scripting Cryptojacking malware Botnets Data breach Drive-by download browser helper objects Computer crime Viruses Data scraping Denial of service Eavesdropping Email fraud Email spoofing Exploits Keyloggers Logic bombs Time bombs Fork bombs Zip bombs Fraudulent dialers Malware Payload Phishing Polymorphic engine Privilege escalation Ransomware Rootkits Bootkits Scareware Shellcode Spamming Social engineering (security) Screen scraping Spyware Software bugs Trojan horses Hardware Trojans Remote access trojans Vulnerability Web shells Wiper Worms SQL injection Rogue security software Zombie
Defenses
Application security Secure coding Secure by default Secure by design Misuse case Computer access control Authentication Multi-factor authentication Authorization Computer security software Antivirus software Security-focused operating system Data-centric security Code obfuscation Data masking Encryption Firewall Intrusion detection system Host-based intrusion detection system (HIDS) Anomaly detection Security information and event management (SIEM) Mobile secure gateway Runtime application self-protection
v t

A polymorphic engine (sometimes called mutation engine or mutating engine) is a software component that uses polymorphic code to alter the payload while preserving the same functionality.

Polymorphic engines are used almost exclusively in malware, with the purpose of being harder for antivirus software to detect. They do so either by encrypting or obfuscating the malware payload.

One common deployment is a file binder that weaves malware into normal files, such as office documents. Since this type of malware is usually polymorphic, it is also known as a polymorphic packer.

Notable examples of polymorphic engines include MtE (short for Mutation Engine), created in 1992 by a hacker named Dark Avenger,^[1] and the engine of the Virut botnet. These engines are usually written in assembly language,^[1]^[2] but they can also be written in high-level languages like C++.^[3]

References[]

^ ^a ^b "MtE 0.90b". GitHub. 15 September 2021.
^ "Simple Polymorphic Engine — SPE32". GitHub. 21 October 2021.
^ "Polymorphic Encryption Algorithms — Generating Code Dynamically".