Friday, 18 March 2016

Packers and packed programs

Packed programs are a subset of obfuscated programs: the original executable is compressed, so its contents cannot be analysed directly.

When a packed program runs, a small wrapper program decompresses the original file and then runs it. When a packed program is analyzed statically, only the small wrapper program is dissected.

The original file contains all the strings and imports, which are compressed and therefore invisible to most static analysis tools.
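As an added illustration (not from Practical Malware Analysis), the script below applies two quick static checks that packer detectors rely on: byte entropy and the number of recoverable strings. The "original" and "packed" blobs are constructed inline; zlib stands in for whatever compression a real packer would use.

```python
import math
import re
import zlib

# Constructed stand-in for the original (unpacked) program body: the strings
# and import names a static analysis tool would normally recover.
ORIGINAL = b"\x00".join([
    b"kernel32.dll", b"CreateFileA", b"WriteFile", b"advapi32.dll",
    b"RegSetValueExA", b"ws2_32.dll", b"connect", b"send", b"recv",
    b"http://example.invalid/beacon",
    b"Software\\Microsoft\\Windows\\CurrentVersion\\Run",
] * 40)

# The same bytes as a packer stores them: compressed, so nothing readable is
# left until the wrapper stub decompresses them at run time.
PACKED = zlib.compress(ORIGINAL, 9)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte (0..8). Compressed or encrypted data approaches 8.0;
    code and text in an ordinary executable usually stay well below 7.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def printable_strings(data: bytes, min_len: int = 6) -> list[str]:
    """Rough equivalent of the `strings` tool: runs of printable ASCII."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def looks_packed(data: bytes, entropy_threshold: float = 7.0,
                 min_strings: int = 5) -> bool:
    """Heuristic: a body that is high-entropy or almost free of recoverable
    strings is probably compressed or encrypted, i.e. packed."""
    high_entropy = shannon_entropy(data) > entropy_threshold
    few_strings = len(printable_strings(data)) < min_strings
    return high_entropy or few_strings


if __name__ == "__main__":
    for name, blob in (("original", ORIGINAL), ("packed", PACKED)):
        print(f"{name:8s} size={len(blob):5d} entropy={shannon_entropy(blob):.2f} "
              f"strings={len(printable_strings(blob)):3d} packed={looks_packed(blob)}")
```

Run against the sections of a real PE, the same checks flag the compressed payload while the wrapper stub itself shows normal entropy and only a handful of imports.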

Tools that can be used to determine the type of packer or compiler used to build an application:

  1. PEiD



Source: Practical Malware Analysis