[unisog] identifying packed executables
foster at ncmir.ucsd.edu
Fri May 6 20:52:14 GMT 2005
# file COMPTRACK.zip
COMPTRACK.zip: ZIP archive
Works for the common stuff.
Michael Holstein wrote:
> I know I've read an article which discusses a UNIX tool that can
> (attempt) to identify what a particular file was packed with. Just can't
> seem to make Google find it for me.
> This is of obvious use when doing virus/bot research.
> The standard UNIX 'file' command will always say "win32 executable" --
> what I need is a tool that can tell me if the first layer of compression
> is UPX or whatever -- without having to try and un[upx|rar|zip|etc] it
> with every tool in the belt.
> Anyone know the name of such a gem?
> Michael Holstein CISSP GCIA
> Cleveland State University
> unisog mailing list
> unisog at lists.sans.org
<< All opinions expressed are mine, not the University's >>
David Foster National Center for Microscopy and Imaging Research
IT Manager, Programmer University of California, San Diego
dfoster[at]ucsd[dot]edu Department of CRBS, Mail 0608
(858) 534-7968 http://ncmir.ucsd.edu/
"The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore, all
depends on the unreasonable." -- George Bernard Shaw
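
Added example, not part of the original thread or of any tool mentioned in it: a sketch of the first-layer check asked about above, which reads the leading magic bytes for common archive types and, for a Win32 executable, the PE section table, where UPX leaves its default section names (UPX0, UPX1). The helper build_pe() and its sample inputs are constructed for illustration.

```python
import struct

# Leading magic bytes of common archive containers.
MAGICS = [(b"PK\x03\x04", "ZIP archive"), (b"Rar!\x1a\x07", "RAR archive"),
          (b"\x1f\x8b", "gzip data")]

def pe_section_names(data):
    """Return the section names of a PE image, or None if data is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 24:
        return None
    nsect = struct.unpack_from("<H", data, pe_off + 6)[0]     # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0] # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    names = []
    for i in range(nsect):
        raw = data[table + 40 * i: table + 40 * i + 8]        # 40-byte section header
        if len(raw) < 8:
            break                                             # truncated file
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names

def identify(data):
    """Name the outermost container or packer layer without unpacking anything."""
    for magic, label in MAGICS:
        if data.startswith(magic):
            return label
    names = pe_section_names(data)
    if names is None:
        return "unknown"
    if any(n.startswith("UPX") for n in names):
        return "PE executable, UPX section names " + ",".join(names)
    return "PE executable, sections " + ",".join(names)

def build_pe(section_names):
    """Constructed sample: a header-only PE skeleton, not a runnable binary."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    sects = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + coff + sects

if __name__ == "__main__":
    print(identify(build_pe(["UPX0", "UPX1", ".rsrc"])))
```

Section names are only a hint: they can be renamed after packing, so a file without UPX names is not shown to be unpacked.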