CyberGlossary

Malware

Polymorphic Malware

Also known as: Self-encrypting malware, Polymorphic virus

Definition

Malware that changes its on-disk appearance — typically via re-encryption or packing — for each infection, while keeping its core logic intact.

Polymorphic malware wraps its payload in an encryption or packing layer and prepends a small decryptor stub that is itself regenerated for each copy: a fresh key is chosen, so the encrypted body differs, and the stub is rebuilt with random instruction reordering, junk-code insertion and variable register assignment, so no fixed byte sequence survives from one sample to the next. The decrypted payload is identical in every copy; only the wrapper changes. This defeats file hashes and exact-byte signatures, but it does not hide the payload at run time, because the stub must restore the original code in memory before it can execute. Unlike metamorphic malware, the payload itself is never rewritten. Effective defences therefore target the point after unpacking: behavioural detection, emulation or memory scanning once the decryptor has run, YARA rules matched against process memory or decrypted strings rather than the file on disk, EDR/XDR telemetry, and machine-learning classifiers trained on dynamic features rather than file bytes alone.
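As an added illustration (not code from this glossary or from any real malware family), the toy below models the mechanism in Python. A benign text payload is XOR-encrypted under a fresh random key and prefixed with random junk for every "copy"; the junk and the per-copy key stand in for the mutated decryptor stub. Each copy then hashes differently and a byte signature for the plaintext never matches the packed file, while the same signature matches every copy once the unpack step has run. The container layout, the XOR scheme and all names are assumptions of this demo.

```python
import hashlib
import random

# Constructed stand-in for a malware body: a harmless string, used only so the
# demo has bytes to encrypt and a signature to look for.
PAYLOAD = b"print('payload running')"
# What a signature-based scanner might hold: exact bytes from the plaintext.
STATIC_SIGNATURE = b"payload running"


def xor_stream(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; symmetric, so the same call encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def make_polymorphic_copy(payload: bytes, rng: random.Random) -> bytes:
    """Produce one 'infection' of the payload.

    Assumed layout (demo only): [junk_len:1][junk][key_len:1][key][ciphertext]
    The junk prefix models the regenerated decryptor stub (junk code, reordering);
    key and ciphertext change on every call because a new key is drawn.
    """
    key = bytes(rng.randrange(1, 256) for _ in range(rng.randrange(4, 17)))
    junk = bytes(rng.randrange(256) for _ in range(rng.randrange(0, 33)))
    return (bytes([len(junk)]) + junk
            + bytes([len(key)]) + key
            + xor_stream(payload, key))


def unpack(sample: bytes) -> bytes:
    """What the decryptor stub does in memory right before the payload runs."""
    junk_len = sample[0]
    pos = 1 + junk_len
    key_len = sample[pos]
    key = sample[pos + 1:pos + 1 + key_len]
    return xor_stream(sample[pos + 1 + key_len:], key)


def static_scan(sample: bytes, signature: bytes) -> bool:
    """Exact-byte match against the file as stored on disk."""
    return signature in sample


def memory_scan(sample: bytes, signature: bytes) -> bool:
    """Same signature, applied after the unpack step (post-decryption memory)."""
    return signature in unpack(sample)


def demo(n: int = 5, seed: int = 1234) -> dict:
    """Generate n copies and report what each detection approach sees."""
    rng = random.Random(seed)
    copies = [make_polymorphic_copy(PAYLOAD, rng) for _ in range(n)]
    return {
        "copies": n,
        "distinct_hashes": len({hashlib.sha256(c).hexdigest() for c in copies}),
        "static_hits": sum(static_scan(c, STATIC_SIGNATURE) for c in copies),
        "memory_hits": sum(memory_scan(c, STATIC_SIGNATURE) for c in copies),
        "all_unpack_to_payload": all(unpack(c) == PAYLOAD for c in copies),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

With the default arguments every one of the five copies has a distinct SHA-256, the plaintext signature matches none of them on disk, and it matches all five after unpacking. Real engines mutate executable code rather than random bytes and use far more than a repeating XOR, but the detection consequence is the same: a hash or byte signature taken from one sample does not carry to the next, whereas anything that runs the stub first (an emulator, a sandbox, a memory scan) sees one unchanging payload.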

Examples

  • Storm Worm, which repackaged itself frequently to evade signature scans.
  • Virut, a long-running polymorphic file-infector that mutated on each propagation.

Related terms