trying to open 2 diff exe files to delete inner parts


I have 2 exe files; one is visualboyadvance and the other is ePSXe, and they both recently got one common file inside of themselves infected with a virus. I want to open them to try and "clean" them of the virus so my antivirus programs stop going haywire.

Here are the results, if it helps:

visualboyadvance

Additional information

File size: 1578133 bytes

MD5...: 115a896497b4eca2edc4aec174e011cd

SHA1..: af138da4fd3634944c1a843aab5f0c373dbfd01b

SHA256: 67e4e41714c098bb00b0dd1f33ff585720ccf31b3c8a8268c4d905a71b37853e

SHA512: a4bd9194201c68d09476d5f43a83f0fa8f7354c447ff0f76227c67a0d1c61263

9fb2f405c084f33e84dcd8a737ad6f1f4d171b796853f13099e1a882197bba70

ssdeep: 24576:/PoLrqwBfKjZDPFhw17arUPHnosAp8QjtD/i4ade4aH14DhKKTGQw28jKY

G72n40:++DFhwJar0g8leeYB

PEiD..: Armadillo v1.71

TrID..: File type identification

Win64 Executable Generic (54.6%)

Win32 Executable MS Visual C++ (generic) (24.0%)

Windows Screen Saver (8.3%)

Win32 Executable Generic (5.4%)

Win32 Dynamic Link Library (generic) (4.8%)

PEInfo: PE Structure information

( base data )

entrypointaddress.: 0x257f

timedatestamp.....: 0x490de544 (Sun Nov 02 17:37:08 2008)

machinetype.......: 0x14c (I386)

( 3 sections )

name viradd virsiz rawdsiz ntrpy md5

.bss 0x1000 0xb4 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

.data 0x2000 0x9c4 0xa00 5.93 c872aec4a612bfe38f5ce15b4a64cf21

.rsrc 0x3000 0x17c4 0x1800 3.92 f1afbef5a2b2550d3b4fdb5fa572eb29

( 3 imports )

> KERNEL32.dll: GetTempPathA, WinExec, GetModuleHandleA, MoveFileExA, ExitProcess, GetModuleFileNameA, DeleteFileA, SetFileAttributesA, GetStartupInfoA

> ADVAPI32.dll: RegQueryValueExA, RegCloseKey, RegOpenKeyExA

> MSVCRT.dll: fwrite, fread, fopen, fseek, fclose, _exit, _XcptFilter, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, strncat

--------------------------------------------------------------------------------------------------------------

ePSXe

Additional information

File size: 305301 bytes

MD5...: 5e56bc283dc8325da7bd81e4386d6b72

SHA1..: 904bb8782e7908fc0bcc7267617f848d6e1bc10e

SHA256: 6a3353b5bfa47b0adab6931892402c8ed681e4bc815212e245ffdf796704c466

SHA512: 46457d3dd29c3afb8f9ed7eec792ad73f9fb3c493231b6899a179d3be3323b32

41e8662fe6847f9eb20650acc787a82b0c11dcd4a27a6fde56a896cd962c22ac

ssdeep: 6144:DZJDp25hL5waRC4FZHh0MdF3KXpTmWENHSS6:DzpqQas47hxKXpTjENHe

PEiD..: Armadillo v1.71

TrID..: File type identification

UPX compressed Win32 Executable (39.5%)

Win32 EXE Yoda's Crypter (34.3%)

Win32 Executable Generic (11.0%)

Win32 Dynamic Link Library (generic) (9.8%)

Generic Win/DOS Executable (2.5%)

PEInfo: PE Structure information

( base data )

entrypointaddress.: 0x257f

timedatestamp.....: 0x490de544 (Sun Nov 02 17:37:08 2008)

machinetype.......: 0x14c (I386)

( 3 sections )

name viradd virsiz rawdsiz ntrpy md5

.bss 0x1000 0xb4 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e

.data 0x2000 0x9c4 0xa00 5.93 c872aec4a612bfe38f5ce15b4a64cf21

.rsrc 0x3000 0x17c4 0x1800 3.02 8c8364b071b6b137cb6da5a3624203b3

( 3 imports )

> KERNEL32.dll: GetTempPathA, WinExec, GetModuleHandleA, MoveFileExA, ExitProcess, GetModuleFileNameA, DeleteFileA, SetFileAttributesA, GetStartupInfoA

> ADVAPI32.dll: RegQueryValueExA, RegCloseKey, RegOpenKeyExA

> MSVCRT.dll: fwrite, fread, fopen, fseek, fclose, _exit, _XcptFilter, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, strncat
