{
	"id": "05b48bc0-9c68-41d5-a1ba-1dd40fa3e346",
	"created_at": "2026-04-06T00:13:22.414413Z",
	"updated_at": "2026-04-10T03:20:32.811355Z",
	"deleted_at": null,
	"sha1_hash": "3e471d355a190b956b485ad3b6b8fc35a8b24d53",
	"title": "Executable compression",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 208492,
	"plain_text": "Executable compression\r\nBy Contributors to Wikimedia projects\r\nPublished: 2005-04-22 · Archived: 2026-04-05 13:24:45 UTC\r\nFrom Wikipedia, the free encyclopedia\r\n\"POPCOM\" redirects here. For the music fair, see Popkomm.\r\nExecutable compression is any means of compressing an executable file and combining the compressed data\r\nwith decompression code into a single executable. When this compressed executable is executed, the\r\ndecompression code recreates the original code from the compressed code before executing it. In most cases this\r\nhappens transparently so the compressed executable can be used in exactly the same way as the original.\r\nExecutable compressors are often referred to as executable packers, runtime packers, software packers,\r\nsoftware protectors, or even \"polymorphic packers\" and \"obfuscating tools\".\r\nA compressed executable can be considered a self-extracting archive, where a compressed executable is packaged\r\nalong with the relevant decompression code in an executable file. Some compressed executables can be\r\ndecompressed to reconstruct the original program file without being directly executed. Two programs that can be\r\nused to do this are CUP386 and UNP.\r\n[citation needed]\r\nMost compressed executables decompress the original code in memory and most require slightly more memory to\r\nrun (because they need to store the decompressor code, the compressed data and the decompressed code).\r\nMoreover, some compressed executables have additional requirements, such as those that write the decompressed\r\nexecutable to the file system before executing it.\r\nExecutable compression is not limited to binary executables, but can also be applied to scripts, such as JavaScript.\r\nBecause most scripting languages are designed to work on human-readable code, which has a high redundancy,\r\ncompression can be very effective and as simple as replacing long names used to identify variables and functions\r\nwith shorter versions and/or removing white-space.\r\nAdvantages and disadvantages\r\n[edit]\r\nSoftware distributors use executable compression for a variety of reasons, primarily to reduce the secondary\r\nstorage requirements of their software; as executable compressors are specifically designed to compress\r\nexecutable code, they often achieve better compression ratio than standard data compression facilities such as\r\ngzip, zip or bzip2.\r\n[citation needed]\r\n This allows software distributors to stay within the constraints of their chosen\r\ndistribution media (such as CD-ROM, DVD-ROM, or floppy disk), or to reduce the time and bandwidth\r\ncustomers require to access software distributed via the Internet.\r\nhttp://en.wikipedia.org/wiki/Executable_compression\r\nPage 1 of 10\n\nExecutable compression is also frequently used to deter reverse engineering or to obfuscate the contents of the\r\nexecutable (for example, to hide the presence of malware from antivirus scanners) by proprietary methods of\r\ncompression and/or added encryption. Executable compression can be used to prevent direct disassembly, mask\r\nstring literals and modify signatures. Although this does not eliminate the chance of reverse engineering, it can\r\nmake the process more costly.\r\nA compressed executable requires less storage space in the file system, thus less time to transfer data from the file\r\nsystem into memory. On the other hand, it requires some time to decompress the data before execution begins.\r\nHowever, the speed of various storage media has not kept up with average processor speeds, so the storage is very\r\noften the bottleneck. Thus the compressed executable will load faster on most common systems. On modern\r\ndesktop computers, this is rarely noticeable unless the executable is unusually big, so loading speed is not a\r\nprimary reason for or against compressing an executable.\r\nOn operating systems which page executable images on demand from the disk, compressed executables make this\r\nprocess less efficient. The decompressor stub allocates a block of memory to hold the decompressed data, which\r\nstays allocated as long as the executable stays loaded, whether it is used or not, competing for memory resources\r\nwith other applications all along. If the operating system uses a swap file, the decompressed data has to be written\r\nto it to free up the memory instead of simply discarding unused data blocks and reloading them from the\r\nexecutable image if needed again. This is usually not noticeable, but it becomes a problem when an executable is\r\nloaded more than once at the same time—the operating system cannot reuse data blocks it has already loaded, the\r\ndata has to be decompressed into a new memory block, and will be swapped out independently if not used. The\r\nadditional storage and time requirements mean that it has to be weighed carefully whether to compress\r\nexecutables which are typically run more than once at the same time.\r\nAnother disadvantage is that some utilities can no longer identify run-time library dependencies, as only the\r\nstatically linked extractor stub is visible.\r\nAlso, some older virus scanners simply report all compressed executables as viruses because the decompressor\r\nstubs share some characteristics with those. Most modern virus scanners can unpack several different executable\r\ncompression layers to check the actual executable inside, but some popular anti-virus and anti-malware scanners\r\nhave had troubles with false positive alarms on compressed executables. In an attempt to solve the problem of\r\nmalware obfuscated with the help of runtime packers the IEEE Industry Connections Security Group has\r\nintroduced a software taggant system.\r\nExecutable compression used to be more popular when computers were limited to the storage capacity of floppy\r\ndisks, which were both slow and low capacity media, and small hard drives; it allowed the computer to store more\r\nsoftware in the same amount of space, without the inconvenience of having to manually unpack an archive file\r\nevery time the user wanted to use the software. However, executable compression has become less popular\r\nbecause of increased storage capacity on computers. It has its use in the demoscene where demos have to stay\r\nwithin a size limit, e.g. 64k intro. Only very sophisticated compression formats, which add to load time, keep an\r\nexecutable small enough to enter these competitions.\r\nList of executable packers\r\nhttp://en.wikipedia.org/wiki/Executable_compression\r\nPage 2 of 10\n\n[edit]\r\nCP/M and MSX-DOS executable\r\n[edit]\r\nKnown executable compressors for CP/M-80 / MSX-DOS .COM files:\r\nPMexe (since 1990, written by Yoshihiko Mino, PMARC.COM+PMEXE.CPM, signature \"-pms-\")[1]\r\nPopCom! (since 1992, written by Yoshihiko Mino, POPCOM.COM, signature \"-pc1-\")\r\nKnown executable compressors for MS-DOS-compatible executable files (.COM or .EXE):\r\nRealia Spacemaker (since 1982, written by Robert B. K. Dewar, SM.COM, signature \"MEMORY$\")[2][3]\r\n[4][5][6][7][8][9]\r\nMicrosoft EXEPACK (since 1985, written by Reuben Borman, EXEPACK.EXE, LINK.EXE\r\n/E[XEPACK], signature \"RB\")[9][5][4][10]\r\nLZEXE (since 1989, written by Fabrice Bellard, LZEXE.EXE)[11][12]\r\nPKWare PKLite (since 1990, written by Phil Katz, PKLITE.EXE)[12][13]\r\nDIET (since 1991, written by Teddy Matsumoto, DIET.EXE)[12]\r\nTINYPROG (TINYPROG.EXE)\r\nRJS Software RJCRUSH (since 1994, written by Roland Skinner, RJCRUSH.EXE)\r\nXPA (since 1995, written by JauMing Tseng, XPA.EXE)\r\nIbsen Software aPACK (since 1997, written by Jørgen Ibsen, APACK.EXE)\r\nUPX (since 1998, written by Markus F. X. J. Oberhumer and László Molnár)\r\n32LiTE (since 1998, written by Oleg Prokhorov, 32LITE.EXE)\r\nKnowledge Dynamics LZW Compressor[14]\r\nWWpack (since 1994, written by Piotr Warezak and Rafal Wierzbicki, WWPACK.EXE)\r\n624 (only for .COM files smaller than 25 KB, uses LZW)\r\nAINEXE\r\nAvPack\r\nComPAck\r\nHASP Envelope\r\nLGLZ\r\nPMWLITE\r\nProPack\r\nUCEXE\r\nWDOSX\r\nXE\r\nXPack\r\nKnown executable compressors under OS/2:\r\nNeLite\r\nhttp://en.wikipedia.org/wiki/Executable_compression\r\nPage 3 of 10\n\nLxLite\r\nKnown executable compressors for New Executables:\r\nPackWin\r\nPKWare PKLite (from version 2.01)\r\nWinLite\r\nPortable Executable\r\n[edit]\r\nKnown executable compressors for Portable Executables:\r\nNote: Clients in purple are no longer in development.\r\nName Latest stable Software license x86-64 support\r\n32Lite\r\nAlienyze 1.4 (17 August 2020) Proprietary No\r\nANDpakk2\r\nArmadillo 9.62 (7 June 2013) Proprietary Yes\r\nASPack 2.40 (7 December 2018) Proprietary Yes\r\nASPR (ASProtect) 2.78 (7 December 2018) Proprietary Yes\r\nBeRoEXEPacker\r\nBIN-crypter\r\nBoxedApp Packer 3.3 (26 July 2015) Proprietary Yes\r\nCExe 1.0b (20 July 2001) GPL No\r\nCrinkler 2.3 (22 July 2020) Zlib Yes\r\ndotBundle 1.3 (4 April 2013)[15] Proprietary Yes\r\nEnigma Protector 6.60 (21 August 2019)[16] Proprietary Yes\r\nEnigma Virtual Box 9.40 (10 October 2019)[16] Proprietary Yes\r\nexe32pack\r\nEXE Bundle 3.11 (7 January 2011)[17] Proprietary ?\r\nEXECryptor\r\nhttp://en.wikipedia.org/wiki/Executable_compression\r\nPage 4 of 10\n\nName Latest stable Software license x86-64 support\r\nEXE Stealth 4.14 (29 June 2011)[17] Proprietary ?\r\neXPressor 1.8.0.1 (14 January 2010) Proprietary ?\r\nFSG 2.0 (24 May 2004)[18] Freeware No\r\nkkrunchy src 0.23a4 (Unknown) Public domain No\r\nMEW 1.1 (Unknown) Freeware No\r\nMPRESS 2.19 (2 January 2012) Freeware Yes\r\nMuCruncher\r\nNeoLite\r\nNsPack\r\nObsidium 1.6 (11 April 2017)[19] Proprietary Yes\r\nPECompact\r\nPEPack\r\nPESpin 1.33 (3 May 2011) Freeware Yes\r\nPetite 2.4 (22 September 2016) Freeware No\r\nPKLite32\r\nRLPack Basic 1.21 (31 October 2008) GPL No\r\nShrinker32\r\nSmart Packer Pro X 2.0.0.1 (3 June 2019) Proprietary Yes\r\nThemida/WinLicense 3.2.5.0 (17 November 2025) Proprietary Yes\r\nUpack\r\nUPX 5.0.1 (6 May 2025) GPL Yes\r\nVMProtect 3.4 (3 August 2019) Proprietary Yes\r\nWWPack32 1.20 (19 June 2000) No\r\nXComp/XPack 0.98 (18 February 2007) Freeware No\r\nYoda's Crypte\r\nhttp://en.wikipedia.org/wiki/Executable_compression\r\nPage 5 of 10\n\nName Latest stable Software license x86-64 support\r\nYZPack\r\nKnown executable compressors for ELF files:\r\ngzexe (uses a shell script stub and gzip, works on most Unix-like systems)\r\nHASP Envelope\r\nUPX\r\n624 (for Linux/386)[20]\r\nKnown executable compressors for CLI assembly files:\r\n.NETZ\r\nNsPack\r\nMpress\r\nHASP Envelope\r\ndotBundle\r\nExepack.NET\r\nDotProtect:[21] Commercial protector/packer for .net and mono. Features on-line verifications and\r\n\"industry standard encryption\".\r\nMac OS Classic applications\r\n[edit]\r\nExecutable compressors for Mac OS Classic applications:\r\nApplication VISE[22]\r\nStuffIt InstallerMaker\r\nMach-O (Apple Mac OS X) files\r\n[edit]\r\nKnown executable compressors for Mach-O (Apple Mac OS X) files:\r\nHASP Envelope\r\nUPX\r\nVMProtect\r\nCommodore 64 and VIC-20\r\n[edit]\r\nKnown executable compressors for executables on the Commodore 64 and VIC-20:\r\nhttp://en.wikipedia.org/wiki/Executable_compression\r\nPage 6 of 10\n\nPuCrunch[23]\r\nExomizer[24]\r\nByteBoozer[25]\r\nKnown executable compressors for executables on the Amiga series:\r\npowerpacker[26]\r\nTitanics cruncher[26]\r\nimploder[26]\r\nTNM cruncher\r\nShrinkler[27]\r\nPackFire[28]\r\nKnown executable compressors for Java:\r\nJAR files:\r\nHASP Envelope\r\npack200\r\nProGuard\r\nWAR files:\r\nHASP Envelope\r\nThere are two types of compression that can be applied to JavaScript scripts:\r\nReduce the redundancy in the script (by removing comments, white space and shorten variable and\r\nfunctions names). This does not alter the behavior of the script.\r\nCompress the original script and create a new script that contains decompression code and compressed\r\ndata. This is similar to binary executable compression.\r\nSelf-decompressing compressors\r\n[edit]\r\nThese compress the original script and output a new script that has a decompressor and compressed data.\r\nJsSfx\r\nPackify\r\nRedundancy reducing compressors\r\n[edit]\r\nhttp://en.wikipedia.org/wiki/Executable_compression\r\nPage 7 of 10\n\nThese remove white space, remove comments, and shorten variable and function names but do not alter the\r\nbehavior of the script.\r\nPacker\r\nYUI compressor[29][30]\r\nShrinksafe[30]\r\nJSMin[30]\r\nDisk compression\r\nRAM compression\r\nKolmogorov complexity\r\nSelf-modifying code\r\nSelf-relocating code\r\nSelf-extracting archive\r\nSelf-booting disk\r\n1. ^ Gielen, Pierre; Taylor, Johnathan (1997) [1993]. Logan, Wolverine (ed.). \"PMarc help manual\".\r\nRetrieved 2019-02-22. “[…] PMEXE.CPM […] is a module […] in combination with PMARC […] used to\r\nmake executable compressed COM files (just like LZEXE or PKLITE […] type: PMARC\r\n\u003carchive\u003e.COM=PMEXE2.CPM \u003cfilename\u003e [options] The archive-name must be .COM […] not .PMA.\r\nThe output file will have the extension .CPM. It's an MSX-DOS COM file […] rename file […] to run it\r\n[…]” {{cite web}} : CS1 maint: deprecated archival service (link)\r\n2. ^ \"Expert Report of Robert B. K. Dewar In Response To The Report Of Kenneth D. Crews\". Cambridge\r\nUniversity Press et al v. Patton et al, Filing 124, Supplemental Initial Disclosures by Cambridge University\r\nPress, Oxford University Press, Inc., Sage Publications, Inc. - Cambridge University Press, Oxfort\r\nUniversity Press, Inc., and Sage Publications, Inc. v. Mark P. Becker, Georgia State University President, et\r\nal, Civil Action No. 1:08-CV-1425-ODE (Court document). United States District Court For The Northern\r\nDistrict Of Georgia, Atlanta Division. p. 18. Exhibit A. Archived from the original on 2018-05-01.\r\nRetrieved 2019-04-23. “[…] SPACEMAKER and TERMULATOR, commodity software for IBM PC (PC\r\nDOS file compression utility and VT-100 emulator), being marketed by Realia, Inc. R.B.K. Dewar (1982–\r\n1983), 8088 assembly language, 8,000 lines […]”\r\n3. ^ Realia, Inc. (January 1983). \"If you use DOS, you need this program\". PC Magazine (advertisement). 2\r\n(9). Ziff-Davis Publishing: 417. Retrieved 2019-04-22. {{cite journal}} : CS1 maint: deprecated archival\r\nservice (link)\r\n4. ^ Jump up to: a\r\n \r\nb\r\n Dewar, Robert Berriedale Keith (1984-03-13). \"DOS 3.1 ASMB (Another Silly Microsoft\r\nBug)\". info-ibmpc@USC-ISIB.ARPA. Archived from the original on 2018-05-01. Retrieved 2019-04-23.\r\n“[…] The /E option of the linker should generate an EXE file which is logically equivalent to the\r\nuncompressed EXE file. The current version […] results in AX being clobbered. AX on entry to an EXE file\r\nhas a definite meaning (it indicates drive validity for the parameters), thus it should be passed through to\r\nthe uncompressed image. Given this one very obvious violation of the interface rules, there may be others, I\r\nhave not bothered to investigate further […] I did write the Realia SpaceMaker program which does a\r\nsimilar sort of thing to the EXEPACK option (but needless to say does not have this particular […]”\r\nhttp://en.wikipedia.org/wiki/Executable_compression\r\nPage 8 of 10\n\n5. ^ Jump up to: a\r\n \r\nb\r\n Paul, Matthias R. (2002-10-07) [2000]. \"Re: masm .com (PSP) related trouble\".\r\nNewsgroup: alt.lang.asm. Retrieved 2017-09-03. {{cite newsgroup}} : CS1 maint: deprecated archival\r\nservice (link)\r\n6. ^ Necasek, Michal (2018-04-30). \"Realia SpaceMaker\". OS/2 Museum. Archived from the original on\r\n2019-01-27. Retrieved 2019-02-22.\r\n7. ^ Parsons, Jeff (2019-01-10). \"An Update on Early Norton Utilities\". PCjs. Archived from the original on\r\n2019-01-29. Retrieved 2019-02-22.\r\n8. ^ Necasek, Michal (2019-01-12). \"Yep, Norton Did It\". OS/2 Museum. Archived from the original on 2019-\r\n04-22. Retrieved 2019-04-22.\r\n9. ^ Jump up to: a\r\n \r\nb\r\n Necasek, Michal (2018-03-23). \"EXEPACK and the A20-Gate\". OS/2 Museum. Archived\r\nfrom the original on 2018-11-13. Retrieved 2019-04-20.\r\n10. ^ Miles, Ya'akov; Nather, Ed (1986-05-17) [1986-02-05, 1986-02-09]. \"Undocumented Microsoft LINK\r\noption: /E\". INFO-IBMPC mailing list. Archived from the original on 2018-05-01. Retrieved 2019-04-26.\r\n“[Miles:] There exists an undocumented […] switch to Microsoft LINK.EXE […], which will cause an\r\nautomatic compaction during binding. This process will eliminate storage for uninitialized arrays from the\r\n.EXE file produced by the linker […] To use this feature, specify the /E option to the command line […]\r\n[Nather:] The option does not exist in MS Link versions 3.00 and 3.01 [Miles:] By comparing the sizes of\r\nthe (packed) files generated from LINK ver 3.02 and the /E option with the size of the .EXE file manually\r\npacked with […] EXEPACK, I have come to the conclusion that LINK ver 3.02 option /E generates\r\nEXACTLY the same size file as manually running EXEPACK on a regular .EXE file output by LINK […]”\r\n11. ^ Bellard, Fabrice (2003-02-09). \"LZEXE home page\". bellard.org. Archived from the original on 2019-\r\n03-24. Retrieved 2019-03-18.\r\n12. ^ Jump up to: a\r\n \r\nb\r\n \r\nc\r\n Salomon, David (2000) [1998]. \"Chapter 3.22: EXE Compressors\". Data Compression:\r\nThe Complete Reference (2 ed.). Springer-Verlag. p. 212. doi:10.1007/978-3-642-86092-8. ISBN 978-3-\r\n540-78086-1. S2CID 35889155. Archived from the original on 2022-04-07. Retrieved 2019-04-26.\r\n13. ^ Paul, Matthias R. (2002-04-11). \"Re: [fd-dev] ANNOUNCE: CuteMouse 2.0 alpha 1\". freedos-dev.\r\nArchived from the original on 2020-02-21. Retrieved 2020-02-21. “[…] \u003e no one packer may pack combos\r\nlike .SYS+.COM or .SYS+.EXE. […] There are packers for .COM or .EXE and others for .SYS, but I too\r\nhave not seen a packer which supports both in one. […] possibility to combine a program/TSR and device\r\ndriver in .EXE files […] and a program/TSR.COM and device driver into a .COM program […] It might\r\nalso be possible to add another self-made stub to the file, after it has already been compressed […] all the\r\ncompressed DR-DOS device drivers use a similar technique to let the normal PKLITE .COM decompressor\r\nwork with .SYS files (meanwhile PKLITE supports a similar feature for .SYS files itself). […]” (NB.\r\nPKLITE 1.50 (1995) and higher gained the capability to compress device drivers, but not combined\r\nCOM+SYS drivers.)\r\n14. ^ \"Google Code Archive - Long-term storage for Google Code Project Hosting\". Archived from the\r\noriginal on 2021-12-03. Retrieved 2022-04-07.\r\n15. ^ \"DotBundle - Download an evaluation version\". Archived from the original on 2013-08-21. Retrieved\r\n2013-05-06.\r\n16. ^ Jump up to: a\r\n \r\nb\r\n \"Software Protection, Software Licensing, Software Virtualization\". Archived from the\r\noriginal on 2018-03-13. Retrieved 2018-03-12.\r\nhttp://en.wikipedia.org/wiki/Executable_compression\r\nPage 9 of 10\n\n17. ^ Jump up to: a\r\n \r\nb\r\n \"WebtoolMaster Software News\". Archived from the original on 2020-07-20. Retrieved\r\n2012-01-15.\r\n18. ^ \"Archived copy\". www.xtreeme.prv.pl. Archived from the original on 2004-05-25. Retrieved 2022-01-15.\r\n{{cite web}} : CS1 maint: archived copy as title (link)\r\n19. ^ \"Download | Obsidium Software Protection System\". Archived from the original on 2019-02-07.\r\nRetrieved 2017-04-18.\r\n20. ^ \"624\".\r\n21. ^ DotProtect http://site.yvansoftware.be/dotpacker1_0 Archived 22 January 2011 at the Wayback Machine\r\n22. ^ Kiene, Steve; Mark, Dave (1999). \"A Chat With Steve Kiene\". MacTech. Vol. 15, no. 4. Archived from the\r\noriginal on 2017-12-10. Retrieved 2017-12-10.\r\n23. ^ \"Lossless Data Compression Program: Hybrid LZ77 RLE\". www.cs.tut.fi. Archived from the original on\r\n2014-07-30. Retrieved 2022-01-15.\r\n24. ^ web.comhem.se/~u13114991/exo/\r\n25. ^ \"ByteBoozer (PC)\". Archived from the original on 2022-08-15. Retrieved 2022-04-07.\r\n26. ^ Jump up to: a\r\n \r\nb\r\n \r\nc\r\n \"Crunchers to download\".\r\n27. ^ \"Askeksa/Shrinkler\". GitHub. 2021-09-25. Archived from the original on 2022-04-07. Retrieved 2022-\r\n04-07.\r\n28. ^ \"PackFire v1.2k by Neural\". Archived from the original on 2024-06-30. Retrieved 2022-04-07.\r\n29. ^ Nizamettin Gok and Nitin Khanna. \"Building Hybrid Android Apps with Java and JavaScript\". Publisher:\r\nO'Reilly Media. 2013. p. 32. quote: \"YUI Compressor is ... is one of the most popular JavaScript minifier\r\ntools\"\r\n30. ^ Jump up to: a\r\n \r\nb\r\n \r\nc\r\n Nicholas C. Zakas \"Professional JavaScript for Web Developers\". 2011. p. 768-769.\r\nquote: \"Crunchers: An important part of the JavaScript build process ... JSMin ... Dojo ShrinkSafe ... and ...\r\nYUI compressor ...\"\r\nSource: http://en.wikipedia.org/wiki/Executable_compression\r\nhttp://en.wikipedia.org/wiki/Executable_compression\r\nPage 10 of 10",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"http://en.wikipedia.org/wiki/Executable_compression"
	],
	"report_names": [
		"Executable_compression"
	],
	"threat_actors": [],
	"ts_created_at": 1775434402,
	"ts_updated_at": 1775791232,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3e471d355a190b956b485ad3b6b8fc35a8b24d53.pdf",
		"text": "https://archive.orkl.eu/3e471d355a190b956b485ad3b6b8fc35a8b24d53.txt",
		"img": "https://archive.orkl.eu/3e471d355a190b956b485ad3b6b8fc35a8b24d53.jpg"
	}
}