[unisog] identifying packed executables

David Foster foster at ncmir.ucsd.edu
Fri May 6 20:52:14 GMT 2005

# file COMPTRACK.zip
COMPTRACK.zip:  ZIP archive

Works for the common stuff.

Dave Foster

Michael Holstein wrote:
> I know I've read an article which discusses a UNIX tool that can 
> (attempt) to identify what a particular file was packed with. Just can't 
> seem to make Google find it for me.
> This is of obvious use when doing virus/bot research.
> The standard UNIX 'file' command will always say "win32 executable" -- 
> what I need is a tool that can tell me if the first layer of compression 
> is UPX or whatever -- without having to try and un[upx|rar|zip|etc] it 
> with every tool in the belt.
> Anyone know the name of such a gem?
> Cheers,
> Michael Holstein CISSP GCIA
> Cleveland State University
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog


    << All opinions expressed are mine, not the University's >>

    David Foster    National Center for Microscopy and Imaging Research
     IT Manager, Programmer   University of California, San Diego
     dfoster[at]ucsd[dot]edu  Department of CRBS, Mail 0608
     (858) 534-7968           http://ncmir.ucsd.edu/

    "The reasonable man adapts himself to the world; the unreasonable one
    persists in trying to adapt the world to himself.  Therefore, all 
    depends on the unreasonable."   -- George Bernard Shaw
