Prosys
May 19 2005, 03:22 PM
is there any way to find out what packer was used to compress one EXE?
i know that you can know if it's "upx" if you use some hex editor and search for it.. but when it's not upx, is there any software that finds out which one was used..?
DiabloPatch
May 19 2005, 03:35 PM
yes Peid does the job fine.
ash^
May 23 2005, 04:16 AM
hxxp://peid.has.it - just if others didnt know the site
Grab those plugins too.
METAHUMAN
May 23 2005, 06:57 AM
The way I find if a file is compressed or not, is by opening it up in a Notepad, then searching for strings like UPX, FSG, MEW, Aspack, PEC, etc. This primarily shows which packer has it been compressed with & then I unpack'em with the un-packers.
This method though has some drawbacks. There are some tools - The Scramble tool which can clean the signatures of the Packer. So well, then I load my fav - KAV to scan & it tells me the pack info!
