[unisog] identifying packed executables

Ty Bodell tebodell at gmail.com
Fri May 6 21:30:34 GMT 2005


Check at http://protools.reverse-engineering.net/utilities.htm under
the scanners section.  I haven't tested all of them and I'm not sure
how many are up to date, but give it a shot.  I know there are at least
some Java-based ones.

HTH,
Ty Bodell

On 5/6/05, Michael Holstein <michael.holstein at csuohio.edu> wrote:
> I know I've read an article which discusses a UNIX tool that can
> (attempt) to identify what a particular file was packed with. Just can't
> seem to make Google find it for me.
> 
> This is of obvious use when doing virus/bot research.
> 
> The standard UNIX 'file' command will always say "win32 executable" --
> what I need is a tool that can tell me if the first layer of compression
> is UPX or whatever -- without having to try and un[upx|rar|zip|etc] it
> with every tool in the belt.
> 
> Anyone know the name of such a gem?
> 
> Cheers,
> 
> Michael Holstein CISSP GCIA
> Cleveland State University
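What the question asks for (naming the outer packer without trying every unpacker) can be approximated by reading the PE section table. This is an added example, not code from the thread or from any tool it mentions; the section-name table is a small, incomplete sample, and the 7.0 entropy threshold and the `sample_pe` test-input builder are assumptions made for illustration.

```python
import math
import struct

# Section names left by common packers: a small, incomplete table for illustration.
# Names are trivially renamed, so no match does not mean "not packed".
PACKER_SECTIONS = {b"UPX0": "UPX", b"UPX1": "UPX", b".aspack": "ASPack",
                   b".petite": "Petite", b".MPRESS1": "MPRESS"}

def pe_sections(data):
    """Return [(name, raw_bytes)] for each section; ValueError if not a usable PE."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("not an MZ executable")
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("no PE signature")
        (count,) = struct.unpack_from("<H", data, pe_off + 6)   # NumberOfSections
        (opt,) = struct.unpack_from("<H", data, pe_off + 20)    # SizeOfOptionalHeader
        out = []
        for i in range(count):                                  # 40-byte section headers
            name, _vs, _va, rsize, rptr = struct.unpack_from(
                "<8sIIII", data, pe_off + 24 + opt + 40 * i)
            out.append((name.rstrip(b"\0"), data[rptr:rptr + rsize]))
        return out
    except struct.error:
        raise ValueError("truncated PE headers") from None

def entropy(buf):
    """Shannon entropy in bits per byte; compressed or encrypted data nears 8."""
    if not buf:
        return 0.0
    return -sum(c / len(buf) * math.log2(c / len(buf))
                for c in (buf.count(bytes([b])) for b in set(buf)))

def identify_packer(data):
    """Return (packer name or None, names of sections with entropy above 7.0)."""
    sections = pe_sections(data)
    packer = next((PACKER_SECTIONS[n] for n, _ in sections if n in PACKER_SECTIONS), None)
    dense = [n.decode("latin-1") for n, raw in sections if entropy(raw) > 7.0]
    return packer, dense

def sample_pe(names, body):
    """Constructed test input: bare PE headers, every section holding `body`."""
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0)
    raw_at = len(hdr) + 40 * len(names)
    for n in names:
        hdr += struct.pack("<8sIIII", n, len(body), 0x1000, len(body), raw_at).ljust(40, b"\0")
    return hdr + body
```

A name match identifies the packer only when the names were left untouched; the high-entropy list is the fallback hint that some layer of compression or encryption is present even when no name matches.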


