[unisog] identifying packed executables

David Foster foster at ncmir.ucsd.edu
Fri May 6 20:52:14 GMT 2005


# file COMPTRACK.zip
COMPTRACK.zip:  ZIP archive

Works for the common stuff.

Dave Foster

Michael Holstein wrote:
> I know I've read an article which discusses a UNIX tool that can 
> (attempt) to identify what a particular file was packed with. Just can't 
> seem to make Google find it for me.
> 
> This is of obvious use when doing virus/bot research.
> 
> The standard UNIX 'file' command will always say "win32 executable" -- 
> what I need is a tool that can tell me if the first layer of compression 
> is UPX or whatever -- without having to try and un[upx|rar|zip|etc] it 
> with every tool in the belt.
> 
> Anyone know the name of such a gem?
> 
> Cheers,
> 
> Michael Holstein CISSP GCIA
> Cleveland State University

-- 

    << All opinions expressed are mine, not the University's >>

   =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    David Foster    National Center for Microscopy and Imaging Research
     IT Manager, Programmer   University of California, San Diego
     dfoster[at]ucsd[dot]edu  Department of CRBS, Mail 0608
     (858) 534-7968           http://ncmir.ucsd.edu/
   =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

    "The reasonable man adapts himself to the world; the unreasonable one
    persists in trying to adapt the world to himself.  Therefore, all
    progress depends on the unreasonable."   -- George Bernard Shaw
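
The first-layer check asked about in this thread, as an added example that is not part of either message or of any tool named in it: it matches archive magic numbers at offset 0 and, for PE files, looks for the section names UPX writes by default (`UPX0`, `UPX1`). The function names and the header-only sample built by `build_sample_pe` are constructed for illustration; a packed file whose section names were changed will not match.

```python
import struct

# Magic numbers of common archive containers, matched at offset 0.
ARCHIVE_MAGICS = {
    b"PK\x03\x04": "ZIP archive",
    b"Rar!\x1a\x07": "RAR archive",
    b"\x1f\x8b": "gzip compressed data",
}
# Section names UPX writes by default; renamed sections will not match.
PACKER_SECTIONS = {b"UPX0": "UPX", b"UPX1": "UPX"}

def pe_section_names(data):
    """Return the section names of a PE image, or None if data is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00" or len(data) < e_lfanew + 24:
        return None
    (count,) = struct.unpack_from("<H", data, e_lfanew + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    names = []
    for i in range(count):
        header = data[table + 40 * i: table + 40 * (i + 1)]
        if len(header) < 40:  # truncated file: stop instead of misreading
            break
        names.append(header[:8].rstrip(b"\x00"))
    return names

def identify(data):
    """Label the outermost layer of a file from its leading bytes and PE sections."""
    for magic, label in ARCHIVE_MAGICS.items():
        if data.startswith(magic):
            return label
    names = pe_section_names(data)
    if names is None:
        return "unknown"
    for name in names:
        if name in PACKER_SECTIONS:
            return "PE executable, %s section names present" % PACKER_SECTIONS[name]
    return "PE executable, no known packer section names"

def build_sample_pe(section_names):
    """Constructed header-only PE (no code or data) used as sample input."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    table = b"".join(n.ljust(8, b"\x00") + b"\x00" * 32 for n in section_names)
    return dos + b"PE\x00\x00" + coff + table
```

To triage a real sample, pass `identify` the bytes of the file read in binary mode.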

