All Questions
8 questions
3 votes
2 answers
560 views
How can I retrieve image files embedded/compressed in a MPL file?
There are some images hidden somewhere in a PE I have, I can't figure out how to extract them.
This PE is from around 1997 (I think it's 32 bit) and I believe it contains some 3D model renders from ...
0 votes
1 answer
145 views
Large number of exports defined in a PE .exe file
I have a (non-malicious) PE exe that I'm analyzing, which is using the Themida/WinLicense packer, and I noticed that it has 479 defined exports, which seems odd for an exe. Some of the functions are ...
1 vote
1 answer
886 views
bypassing anti-VM inside protected samples
This is a good starting point.
As you know:
Sandboxes and virtual environments (hypervisors) are full of artifacts that betray their analysis environment. Malware can protect itself against these by ...
2 votes
2 answers
2k views
Packed PE file and weird Header
I'm new to reverse engineering, so I don't know if my question will be easy or not.
Right now I have an exe file, but it seems packed. In the hex dump I have the following:
000003d0: 0055 5058 ...
2 votes
2 answers
11k views
Packed PE-file, where to start?
I'm new to reverse engineering, so maybe it's an easy question, but not for me.
I've got an .exe file which is somehow packed.
When I open it with IDA, I get a warning that the file was packed or modified, and ...
1 vote
2 answers
3k views
debug a .dll compressed with pe compact
I am trying to load a DLL in IDA and OllyDbg, but it says the file is compressed. I checked with a couple of tools and came to know that the file is compressed with PECompact. I think it also has ...
2 votes
0 answers
3k views
Unpacking Inno Setup installers with InnoExtractor?
I want to know how to use the application InnoExtractor to unpack/extract the files of Inno Setup installers. Some good tutorial/video to learn?
I get this application from here.
43 votes
3 answers
28k views
Unpacking binaries in a generic way
I find that more and more often binaries are being packed with exe protectors such as upx, aspack etc. I tried to follow a few tutorials on how to unpack them but the examples are often quite easy ...