All Questions

3 votes
2 answers
560 views

How can I retrieve image files embedded/compressed in an MPL file?

There are some images hidden somewhere in a PE I have, I can't figure out how to extract them. This PE is from around 1997 (I think it's 32-bit) and I believe it contains some 3D model renders from ...
Mowkitty
0 votes
1 answer
145 views

Large number of exports defined in a PE .exe file

I have a (non-malicious) PE exe that I'm analyzing, which is using the Themida/WinLicense packer, and I noticed that it has 479 defined exports, which seems odd for an exe. Some of the functions are ...
Chris
  • 35
1 vote
1 answer
886 views

bypassing anti-VM inside protected samples

This is a good starting point. As you know: Sandboxes and virtual environments (hypervisors) are full of artifacts that betray their analysis environment. Malware can protect itself against these by ...
zerocool
  • 163
2 votes
2 answers
2k views

Packed PE file and weird Header

I'm new to reverse engineering, so I don't know if my question will be easy or not. Right now I have an exe file, but it seems packed. In the hex dump I have the following: 000003d0: 0055 5058 ...
Wheatstone
2 votes
2 answers
11k views

Packed PE-file, where to start?

I'm new to reverse engineering, so maybe it's an easy question, but not for me. I've got an .exe file which is somehow packed. When I open it with IDA, I get a warning that the file was packed or modified, and ...
Elventian
1 vote
2 answers
3k views

debug a .dll compressed with pe compact

I am trying to load a DLL in IDA and OllyDbg, but it says the file is compressed. I checked with a couple of tools and came to know that the file is compressed with PECompact. I think it also has ...
ASHUTOSH
  • 203
2 votes
0 answers
3k views

Unpacking Inno Setup installers with InnoExtractor?

I want to know how to use the application InnoExtractor to unpack/extract the files of Inno Setup installers. Some good tutorial/video to learn? I got this application from here.
user8067
43 votes
3 answers
28k views

Unpacking binaries in a generic way

I find that more and more often binaries are being packed with exe protectors such as upx, aspack etc. I tried to follow a few tutorials on how to unpack them but the examples are often quite easy ...
Remko
  • 3,283