red death68 Posted March 8, 2009
I have 2 exe files: one is visualboyadvance and the other is ePSXe. They both recently got one common file inside of themselves infected with a virus. I want to open them to try and "clean" them of the virus so my antivirus programs stop going haywire.

zeroFX Posted March 10, 2009
You should test the files via virustotal.com, possibility's not that bad, it's just because of a/the runtime-compression.

red death68 Posted March 10, 2009 (Author)
Here are the results if it helps:

visualboyadvance
Additional information
File size: 1578133 bytes
MD5...: 115a896497b4eca2edc4aec174e011cd
SHA1..: af138da4fd3634944c1a843aab5f0c373dbfd01b
SHA256: 67e4e41714c098bb00b0dd1f33ff585720ccf31b3c8a8268c4d905a71b37853e
SHA512: a4bd9194201c68d09476d5f43a83f0fa8f7354c447ff0f76227c67a0d1c612639fb2f405c084f33e84dcd8a737ad6f1f4d171b796853f13099e1a882197bba70
ssdeep: 24576:/PoLrqwBfKjZDPFhw17arUPHnosAp8QjtD/i4ade4aH14DhKKTGQw28jKYG72n40:++DFhwJar0g8leeYB
PEiD..: Armadillo v1.71
TrID..: File type identification
Win64 Executable Generic (54.6%)
Win32 Executable MS Visual C++ (generic) (24.0%)
Windows Screen Saver (8.3%)
Win32 Executable Generic (5.4%)
Win32 Dynamic Link Library (generic) (4.8%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x257f
timedatestamp.....: 0x490de544 (Sun Nov 02 17:37:08 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.bss 0x1000 0xb4 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.data 0x2000 0x9c4 0xa00 5.93 c872aec4a612bfe38f5ce15b4a64cf21
.rsrc 0x3000 0x17c4 0x1800 3.92 f1afbef5a2b2550d3b4fdb5fa572eb29
( 3 imports )
> KERNEL32.dll: GetTempPathA, WinExec, GetModuleHandleA, MoveFileExA, ExitProcess, GetModuleFileNameA, DeleteFileA, SetFileAttributesA, GetStartupInfoA
> ADVAPI32.dll: RegQueryValueExA, RegCloseKey, RegOpenKeyExA
> MSVCRT.dll: fwrite, fread, fopen, fseek, fclose, _exit, _XcptFilter, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, strncat

--------------------------------------------------------------------------------

ePSXe
Additional information
File size: 305301 bytes
MD5...: 5e56bc283dc8325da7bd81e4386d6b72
SHA1..: 904bb8782e7908fc0bcc7267617f848d6e1bc10e
SHA256: 6a3353b5bfa47b0adab6931892402c8ed681e4bc815212e245ffdf796704c466
SHA512: 46457d3dd29c3afb8f9ed7eec792ad73f9fb3c493231b6899a179d3be3323b3241e8662fe6847f9eb20650acc787a82b0c11dcd4a27a6fde56a896cd962c22ac
ssdeep: 6144:DZJDp25hL5waRC4FZHh0MdF3KXpTmWENHSS6:DzpqQas47hxKXpTjENHe
PEiD..: Armadillo v1.71
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x257f
timedatestamp.....: 0x490de544 (Sun Nov 02 17:37:08 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.bss 0x1000 0xb4 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.data 0x2000 0x9c4 0xa00 5.93 c872aec4a612bfe38f5ce15b4a64cf21
.rsrc 0x3000 0x17c4 0x1800 3.02 8c8364b071b6b137cb6da5a3624203b3
( 3 imports )
> KERNEL32.dll: GetTempPathA, WinExec, GetModuleHandleA, MoveFileExA, ExitProcess, GetModuleFileNameA, DeleteFileA, SetFileAttributesA, GetStartupInfoA
> ADVAPI32.dll: RegQueryValueExA, RegCloseKey, RegOpenKeyExA
> MSVCRT.dll: fwrite, fread, fopen, fseek, fclose, _exit, _XcptFilter, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, strncat