[unisog] identifying packed executables
tebodell at gmail.com
Fri May 6 21:30:34 GMT 2005
Check at http://protools.reverse-engineering.net/utilities.htm under
the scanners section. I haven't tested all of them and I'm not sure
how many are up-to-date, but give it a shot. I know there are at least
some Java-based ones.
On 5/6/05, Michael Holstein <michael.holstein at csuohio.edu> wrote:
> I know I've read an article which discusses a UNIX tool that can
> (attempt) to identify what a particular file was packed with. Just can't
> seem to make Google find it for me.
> This is of obvious use when doing virus/bot research.
> The standard UNIX 'file' command will always say "win32 executable" --
> what I need is a tool that can tell me if the first layer of compression
> is UPX or whatever -- without having to try and un[upx|rar|zip|etc] it
> with every tool in the belt.
> Anyone know the name of such a gem?
> Michael Holstein CISSP GCIA
> Cleveland State University
> unisog mailing list
> unisog at lists.sans.org
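
The kind of first-layer check asked about in this thread, sketched as an added example (not code from either poster or from any tool on the linked page). It reports zip or rar by leading magic bytes and flags a PE whose section table carries UPX's default `UPX0`/`UPX1` names; the function names and the `build_pe` sample generator are assumptions made for the illustration.

```python
import struct

# Leading magic bytes of the archive formats named in the thread.
ARCHIVE_MAGIC = {b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar"}

def pe_section_names(data):
    """Return the section names of a PE image, or None if data is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return None
    coff = e_lfanew + 4                                   # 20-byte COFF header
    if coff + 20 > len(data):
        return None
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size                          # section table start
    names = []
    for i in range(num_sections):
        off = table + 40 * i                              # 40-byte section header
        if off + 40 > len(data):
            break                                         # truncated file
        names.append(data[off:off + 8].rstrip(b"\x00").decode("latin-1"))
    return names

def identify(data):
    """Best-effort label for the outermost container or packer layer."""
    for magic, label in ARCHIVE_MAGIC.items():
        if data.startswith(magic):
            return label
    names = pe_section_names(data)
    if names is None:
        return "unknown"
    if any(n.startswith("UPX") for n in names):
        return "pe:upx"
    return "pe:no-known-packer"

def build_pe(section_names):
    """Constructed sample: header-only PE skeleton with the given sections."""
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    table = b"".join(n.encode().ljust(8, b"\x00") + b"\x00" * 32
                     for n in section_names)
    return dos + b"PE\x00\x00" + coff + table

if __name__ == "__main__":
    print(identify(build_pe(["UPX0", "UPX1", ".rsrc"])))  # constructed input
```

Section names are trivially renamed, so `pe:no-known-packer` only means this one signature did not match; it is not evidence that the file is unpacked.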