[unisog] New Bot variants making rounds
michael.holstein at csuohio.edu
Mon Apr 4 21:10:48 GMT 2005
> I saw this once, it was a upx compressed self extracting rar file...
> norman extracted the exe, but didn't run it. In that case, I unpacked
> it manually and submitted the resulting .exe and got some more useful

upx -d srv32.exe
upx: srv32.exe: NotPackedException: not packed by UPX

unrar e srv32.exe
srv32.exe is not RAR archive

unzip: cannot find zipfile directory in one of srv32.exe or
srv32.exe.zip, and cannot find srv32.exe.ZIP, period.

Now I remember a posting (UNISOG? Full-Disclosure?) that had a whole
list of tools for dealing with all the possible ways things can be
packed/compressed -- but I can't place it for the life of me.

Anybody know a UNIX utility that can identify what the packer/compressor
used on a .exe was?
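One way to approach the question asked in this message, as an added example that is not part of the original post or of any tool it names: a static check that reads the PE section table, matches section names against packer markers, measures per-section entropy, and looks for embedded RAR/ZIP magics. The marker table is a small, non-exhaustive sample, and `sample_pe()` builds a constructed test image rather than a real binary.

```python
import math
import struct
from collections import Counter

# Small, non-exhaustive sample of section names that common packers leave behind.
PACKER_SECTIONS = {b"UPX0": "UPX", b"UPX1": "UPX", b".aspack": "ASPack",
                   b".petite": "Petite", b".MPRESS1": "MPRESS"}
# Magic bytes of archives carried inside self-extracting executables.
ARCHIVE_MAGICS = {b"Rar!\x1a\x07\x00": "RAR", b"PK\x03\x04": "ZIP"}

def entropy(data):
    """Shannon entropy in bits per byte; compressed or encrypted data nears 8."""
    n = len(data)
    return sum(c / n * math.log2(n / c) for c in Counter(data).values())

def identify(data):
    """Return (packer names, embedded archive kinds, {section: entropy})."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0" or len(data) < pe + 24:
        raise ValueError("no PE header")
    nsect, = struct.unpack_from("<H", data, pe + 6)       # NumberOfSections
    optsize, = struct.unpack_from("<H", data, pe + 20)    # SizeOfOptionalHeader
    table = pe + 24 + optsize                             # first section header
    packers, sections = set(), {}
    for i in range(nsect):
        hdr = data[table + 40 * i:table + 40 * (i + 1)]
        if len(hdr) < 40:
            break                                         # truncated section table
        name = hdr[:8].rstrip(b"\0")
        rawsize, rawptr = struct.unpack_from("<II", hdr, 16)
        sections[name.decode("latin-1")] = round(entropy(data[rawptr:rawptr + rawsize]), 2)
        if name in PACKER_SECTIONS:
            packers.add(PACKER_SECTIONS[name])
    # A magic found anywhere in the file is a hint to try that extractor, not proof.
    archives = {kind for magic, kind in ARCHIVE_MAGICS.items() if magic in data}
    return packers, archives, sections

def sample_pe():
    """Constructed two-section image with UPX section names and a RAR magic appended."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0)
    def sec(name, size, ptr):
        return name.ljust(8, b"\0") + struct.pack("<IIII", size, 0, size, ptr) + b"\0" * 16
    body = bytes(256) + bytes(range(256))
    return dos + coff + sec(b"UPX0", 256, 168) + sec(b"UPX1", 256, 424) + body + b"Rar!\x1a\x07\x00"

if __name__ == "__main__":
    print(identify(sample_pe()))
```

When no known section name matches, sections with entropy close to 8 still indicate compressed or encrypted content, which is the cue to try other unpackers or manual unpacking.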