Trying to open 2 diff exe files to delete inner parts
Title says it all. I have 2 exe files, one is VisualBoyAdvance and the other is ePSXe, and they both recently got one common file inside of themselves infected with a virus. I want to open them to try and "clean" them of the virus so my antivirus programs stop going haywire.
#2
Posted 10 March 2009 - 03:13 PM
You should test the files via virustotal.com. The possibility's not that bad that it's just because of the runtime compression.
#3
Posted 10 March 2009 - 04:21 PM
Here are the results, if it helps.
visualboyadvance
Additional information
File size: 1578133 bytes
MD5...: 115a896497b4eca2edc4aec174e011cd
SHA1..: af138da4fd3634944c1a843aab5f0c373dbfd01b
SHA256: 67e4e41714c098bb00b0dd1f33ff585720ccf31b3c8a8268c4d905a71b37853e
SHA512: a4bd9194201c68d09476d5f43a83f0fa8f7354c447ff0f76227c67a0d1c612639fb2f405c084f33e84dcd8a737ad6f1f4d171b796853f13099e1a882197bba70
ssdeep: 24576:/PoLrqwBfKjZDPFhw17arUPHnosAp8QjtD/i4ade4aH14DhKKTGQw28jKYG72n40:++DFhwJar0g8leeYB
PEiD..: Armadillo v1.71
TrID..: File type identification
Win64 Executable Generic (54.6%)
Win32 Executable MS Visual C++ (generic) (24.0%)
Windows Screen Saver (8.3%)
Win32 Executable Generic (5.4%)
Win32 Dynamic Link Library (generic) (4.8%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x257f
timedatestamp.....: 0x490de544 (Sun Nov 02 17:37:08 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.bss 0x1000 0xb4 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.data 0x2000 0x9c4 0xa00 5.93 c872aec4a612bfe38f5ce15b4a64cf21
.rsrc 0x3000 0x17c4 0x1800 3.92 f1afbef5a2b2550d3b4fdb5fa572eb29
( 3 imports )
> KERNEL32.dll: GetTempPathA, WinExec, GetModuleHandleA, MoveFileExA, ExitProcess, GetModuleFileNameA, DeleteFileA, SetFileAttributesA, GetStartupInfoA
> ADVAPI32.dll: RegQueryValueExA, RegCloseKey, RegOpenKeyExA
> MSVCRT.dll: fwrite, fread, fopen, fseek, fclose, _exit, _XcptFilter, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, strncat
--------------------------------------------------------------------------------------------------------------
ePSXe
Additional information
File size: 305301 bytes
MD5...: 5e56bc283dc8325da7bd81e4386d6b72
SHA1..: 904bb8782e7908fc0bcc7267617f848d6e1bc10e
SHA256: 6a3353b5bfa47b0adab6931892402c8ed681e4bc815212e245ffdf796704c466
SHA512: 46457d3dd29c3afb8f9ed7eec792ad73f9fb3c493231b6899a179d3be3323b3241e8662fe6847f9eb20650acc787a82b0c11dcd4a27a6fde56a896cd962c22ac
ssdeep: 6144:DZJDp25hL5waRC4FZHh0MdF3KXpTmWENHSS6:DzpqQas47hxKXpTjENHe
PEiD..: Armadillo v1.71
TrID..: File type identification
UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x257f
timedatestamp.....: 0x490de544 (Sun Nov 02 17:37:08 2008)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.bss 0x1000 0xb4 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.data 0x2000 0x9c4 0xa00 5.93 c872aec4a612bfe38f5ce15b4a64cf21
.rsrc 0x3000 0x17c4 0x1800 3.02 8c8364b071b6b137cb6da5a3624203b3
( 3 imports )
> KERNEL32.dll: GetTempPathA, WinExec, GetModuleHandleA, MoveFileExA, ExitProcess, GetModuleFileNameA, DeleteFileA, SetFileAttributesA, GetStartupInfoA
> ADVAPI32.dll: RegQueryValueExA, RegCloseKey, RegOpenKeyExA
> MSVCRT.dll: fwrite, fread, fopen, fseek, fclose, _exit, _XcptFilter, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, strncat