Executable Packers

GovernmentSecurity.org > The Archives > General Network Security

Alexander01

Apr 12 2004, 07:57 AM

Is there a kind of tool that can analyse the executable-packer of a compressed exe... i know u can find this out by opening the exe in a hex-editor or reshacker but in the most cases it didn't work for me..

laggy

Apr 12 2004, 09:56 AM

http://www.kaspersky.com/scanforvirus.html will tell you

e.g.

wnshll.exe Packed: Morphine
wnshll.exe Packed: UPX
wnshll.exe Infected: Backdoor.Winshell.50

Progressor

Apr 12 2004, 10:00 AM

The best file analyzer:

http://peid.has.it

misa

Apr 12 2004, 04:53 PM

and the best page to find unpackers:

http://www.exetools.com/unpackers.htm

migo

Apr 12 2004, 06:44 PM

why don't u try
Pro Tools

phoney

Apr 12 2004, 06:53 PM

I use Aspack.
When its packed use antivir or norten and it find nothing

greetz phoney

Alexander01

Apr 12 2004, 07:36 PM

i have analysed the executable with PEiD
it's rewritted with morphine 1.2
is there any way to get the executables info back?

Progressor

Apr 13 2004, 05:39 AM

QUOTE (Alexander01 @ Apr 12 2004, 07:36 PM)

i have analysed the executable with PEiD
it's rewritted with morphine 1.2
is there any way to get the executables info back?

Yeah, you can try these dumpers/unpackers:

http://wasm.ru/tools/6/qunp.zip
http://wasm.ru/tools/6/petools.zip
http://wasm.ru/tools/6/lordpe14.zip
http://wasm.ru/tools/6/petool.zip

But after dumping you will have to change file a little... if you don't know asm, you won't succeed.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.