Full Version: Finding What Packer Was Used
Is there any way to find out what packer was used to compress an EXE?
I know that you can tell if it's "upx" if you use some hex editor and search for it... but when it's not upx, is there any software that finds out which one was used?
Yes, PEiD does the job fine.
hxxp://peid.has.it - just in case others didn't know the site
The way I find out if a file is compressed or not is by opening it up in Notepad, then searching for strings like UPX, FSG, MEW, Aspack, PEC, etc. This primarily shows which packer it has been compressed with, and then I unpack them with the un-packers.
This method, though, has some drawbacks. There are some tools - the Scramble tool - which can clean the signatures of the packer. So, well, then I load my fav, KAV, to scan and it tells me the pack info!
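The string search from the last post, with a fallback for the scrubbed-signature case it mentions, as an added example that is not part of the original thread. Matching the markers against PE section names, the entropy fallback and its 7.0 cut-off go beyond what the thread describes and are assumptions, and `classify`, `sections` and `sample` are hypothetical names.

```python
import math
import struct
from collections import Counter

# Marker strings taken from the post above; matching them against section
# names (case-insensitively) is this example's assumption.
MARKERS = ("UPX", "FSG", "MEW", "ASPACK", "PEC")
ENTROPY_LIMIT = 7.0  # assumed cut-off in bits per byte for compressed data

def entropy(data):
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values())

def sections(pe):
    """Yield (name, raw_bytes) for each section of a PE image."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    off = struct.unpack_from("<I", pe, 0x3C)[0]          # e_lfanew
    if pe[off:off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    count, = struct.unpack_from("<H", pe, off + 6)       # NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, off + 20)   # SizeOfOptionalHeader
    table = off + 24 + opt_size                          # first section header
    for i in range(count):
        hdr = table + 40 * i
        name = pe[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        size, ptr = struct.unpack_from("<II", pe, hdr + 16)  # raw size, raw offset
        yield name, pe[ptr:ptr + size]

def classify(pe):
    """Return a packer marker, 'unknown (high entropy)' or None."""
    found = list(sections(pe))
    for name, _ in found:
        for marker in MARKERS:
            if marker in name.upper():
                return marker
    if any(entropy(raw) > ENTROPY_LIMIT for _, raw in found):
        return "unknown (high entropy)"  # section names scrubbed, data still compressed
    return None

def sample(name, body):
    """Constructed one-section PE image, just enough for the parser above."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sec = name.ljust(8, b"\0") + struct.pack("<IIII", len(body), 0x1000, len(body), 0x80) + b"\0" * 16
    return dos + coff + sec + body
```

A short marker such as PEC can also match an unrelated section name, so a hit is a lead to confirm with a dedicated identifier rather than a verdict.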