I've found an application which seems to be packed. I opened it with a hex editor and it contains a "UPX1" section and a "3.00 UPX!" string. Unfortunately, I'm not able to decompress it with the latest upx; it says "not packed by UPX". Is there a way to find out what other PE compressors/crypters were used?
PEiD is the tool you want. It can detect a variety of unpackers, attempt to unpack any packed exe (regardless of packing scheme), do simple disassembly, detect encryption algorithms present in the source code (not the encryption scheme of the exe, to be clear), and more. But primarily, it is an identifier of packers, cryptors, and compilers of an exe.
In many cases, a packaged executable starts with the launch program, followed by a standard zip file. This is possible because the ZIP header is at the end of the file, so you can prepend arbitrary data to a zip file, and it remains a zip file. So try unzipping it, and see whether that works.
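The two static checks discussed in this thread (the UPX markers from the question and the appended ZIP from the answer above), as an added example that is not code from any of the posters. The names `triage` and `build_sample` and the sample bytes are constructed for illustration, and ZIP64 archives are not handled.

```python
from __future__ import annotations
import io
import struct
import zipfile

def pe_section_names(data: bytes) -> list[str]:
    """Read the section names out of a PE file's section table."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe_off, = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    count, = struct.unpack_from("<H", data, pe_off + 6)      # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size
    return [data[off:off + 8].rstrip(b"\0").decode("latin-1")
            for off in range(table, table + 40 * count, 40)]

def appended_zip_offset(data: bytes) -> int | None:
    """Offset at which an appended ZIP starts, or None (ZIP64 not handled)."""
    # The end-of-central-directory record sits in the last 22..65557 bytes.
    eocd = data.rfind(b"PK\x05\x06", max(0, len(data) - 65557))
    if eocd < 0 or eocd + 22 > len(data):
        return None
    cd_size, cd_offset = struct.unpack_from("<II", data, eocd + 12)
    # cd_offset is relative to the archive start, so the gap is the stub size.
    start = eocd - cd_size - cd_offset
    return start if start >= 0 else None

def triage(data: bytes) -> dict:
    """Collect the static hints; none of them proves which packer was used."""
    names = pe_section_names(data)
    return {"sections": names,
            "upx_section_names": any(n.startswith("UPX") for n in names),
            "upx_magic": b"UPX!" in data,
            "zip_offset": appended_zip_offset(data)}

def build_sample() -> tuple[bytes, int]:
    """Constructed input: minimal PE headers plus a small appended ZIP."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in (b"UPX0", b"UPX1"))
    stub = dos + b"PE\0\0" + coff + sections + b"3.00 UPX!"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("payload.txt", "constructed sample")
    return stub + buf.getvalue(), len(stub)

if __name__ == "__main__":
    sample, stub_len = build_sample()
    print(triage(sample), "stub length:", stub_len)
```

As the question shows, the UPX section names and magic string can be present in a file that upx itself refuses to unpack, so treat these results as hints rather than an identification.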
Development and support of PEiD were discontinued in April 2011, but it's still the best tool available for packer detection.
You can also use ExeScan. It is available here.