[unisog] New Bot variants making rounds

Michael Holstein michael.holstein at csuohio.edu
Mon Apr 4 21:10:48 GMT 2005


> I saw this once, it was a upx compressed self extracting rar file...
> norman extracted the exe, but didn't run it.  In that case, I unpacked
> it manually and submitted the resulting .exe and got some more useful
> info.

upx -d srv32.exe
upx: srv32.exe: NotPackedException: not packed by UPX

unrar e srv32.exe
srv32.exe is not RAR archive

unzip srv32.exe
unzip:  cannot find zipfile directory in one of srv32.exe or
         srv32.exe.zip, and cannot find srv32.exe.ZIP, period.


Now I remember a posting (UNISOG? Full-Disclosure?) that had a whole 
list of tools for dealing with all the possible ways things can be 
packed/compressed -- but I can't place it for the life of me.

Anybody know a UNIX utility that can identify what the packer/compressor 
used on a .exe was?

~Mike.
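
Added example, not part of the original post: one way to get static packer hints on a UNIX host is to read the PE section table and look for archive signatures appended after the last section. The section-name table is an illustrative subset and build_sample() returns a constructed, header-only input; section names can be renamed, so an empty result does not prove a file is unpacked.

```python
import struct

# Illustrative subset of section names left behind by common packers.
SECTION_HINTS = {b"UPX0": "UPX", b"UPX1": "UPX", b".aspack": "ASPack",
                 b".petite": "Petite", b".nsp0": "NsPack"}
# Archive signatures that mark a self-extractor payload appended to the PE.
ARCHIVE_MAGIC = {b"Rar!\x1a\x07\x00": "RAR", b"PK\x03\x04": "ZIP"}

def identify(data):
    """Return static hints about how a PE file is packed; never executes it."""
    if data[:2] != b"MZ" or len(data) < 0x40:
        return ["not a PE file"]
    pe = struct.unpack_from("<I", data, 0x3C)[0]      # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        return ["not a PE file"]
    nsect, = struct.unpack_from("<H", data, pe + 6)     # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20) # SizeOfOptionalHeader
    table = pe + 24 + opt_size                          # first section header
    hints, end_of_image = [], 0
    for i in range(nsect):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        end_of_image = max(end_of_image, raw_ptr + raw_size)
        if name in SECTION_HINTS:
            hints.append(f"section {name.decode()} -> {SECTION_HINTS[name]}")
    overlay = data[end_of_image:]                       # bytes past the last section
    for magic, kind in ARCHIVE_MAGIC.items():
        pos = overlay.find(magic)
        if pos != -1:
            hints.append(f"{kind} archive in overlay at 0x{end_of_image + pos:x}")
    return hints or ["no known packer markers"]

def build_sample():
    """Constructed input: minimal PE headers, two UPX-named sections, RAR overlay."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    def sect(name, size, ptr):
        return name.ljust(8, b"\0") + struct.pack("<IIII", size, 0x1000, size, ptr) + b"\0" * 16
    headers = dos + coff + sect(b"UPX0", 0, 0) + sect(b"UPX1", 0x200, 0x200)
    body = headers.ljust(0x200, b"\0") + b"\x90" * 0x200
    return body + b"Rar!\x1a\x07\x00" + b"constructed payload"

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print("\n".join(identify(data)))
```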

