[unisog] identifying packed executables

Michael Holstein michael.holstein at csuohio.edu
Fri May 6 18:33:51 GMT 2005


I know I've read an article which discusses a UNIX tool that can 
(attempt to) identify what a particular file was packed with. Just can't 
seem to make Google find it for me.

This is of obvious use when doing virus/bot research.

The standard UNIX 'file' command will always say "win32 executable" -- 
what I need is a tool that can tell me if the first layer of compression 
is UPX or whatever -- without having to try and un[upx|rar|zip|etc] it 
with every tool in the belt.

Anyone know the name of such a gem?

Cheers,

Michael Holstein CISSP GCIA
Cleveland State University
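
An added example, not part of the original post and not the tool it asks about: one way to check for a packer without unpacking is to read the PE section table and look for the section names packers leave by default. The name table, the function names and the header-only sample input are assumptions constructed for illustration.

```python
import struct

# Default section names left by two common packers. They can be renamed,
# so a miss does not prove the file is unpacked.
PACKER_SECTIONS = {"UPX0": "UPX", "UPX1": "UPX", "UPX2": "UPX",
                   ".aspack": "ASPack", ".adata": "ASPack"}

def pe_sections(data):
    """Return [(name, virtual_size, raw_size)] from the PE section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    (nsect,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                     # section table follows optional header
    out = []
    for i in range(nsect):
        off = table + 40 * i                           # 40-byte section headers
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        name, vsize, _va, rsize = struct.unpack_from("<8sIII", data, off)
        out.append((name.rstrip(b"\0").decode("latin-1"), vsize, rsize))
    return out

def guess_packer(data):
    """Return a packer name, or None when no known marker is present."""
    for name, _vsize, _rsize in pe_sections(data):
        if name in PACKER_SECTIONS:
            return PACKER_SECTIONS[name]
    # Weaker evidence: UPX stores a "UPX!" magic in its pack header.
    return "UPX" if b"UPX!" in data else None

def sample_pe(names):
    """Constructed input: PE headers only, no code, not a real sample."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0x102)
    sects = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode(), 0x1000, 0x1000 * (i + 1),
                    0, 0, 0, 0, 0, 0, 0xE0000080)
        for i, n in enumerate(names))
    return dos + b"PE\0\0" + coff + sects

if __name__ == "__main__":
    for names in (["UPX0", "UPX1", ".rsrc"], [".text", ".data", ".rsrc"]):
        print(names, "->", guess_packer(sample_pe(names)))
```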