red death68 Posted March 8, 2009

I have 2 exe files: one is VisualBoyAdvance and the other is ePSXe. They both recently got one common file inside of themselves infected with a virus. I want to open them to try and "clean" them of the virus so my antivirus programs stop going haywire.

zeroFX Posted March 10, 2009

You should test the files via virustotal.com. Possibly it's not that bad; it's just because of a/the runtime compression.

red death68 (Author) Posted March 10, 2009

Here are the results if it helps:

visualboyadvance

Additional information
File size: 1578133 bytes
MD5...: 115a896497b4eca2edc4aec174e011cd
SHA1..: af138da4fd3634944c1a843aab5f0c373dbfd01b
SHA256: 67e4e41714c098bb00b0dd1f33ff585720ccf31b3c8a8268c4d905a71b37853e
SHA512: a4bd9194201c68d09476d5f43a83f0fa8f7354c447ff0f76227c67a0d1c612639fb2f405c084f33e84dcd8a737ad6f1f4d171b796853f13099e1a882197bba70
ssdeep: 24576:/PoLrqwBfKjZDPFhw17arUPHnosAp8QjtD/i4ade4aH14DhKKTGQw28jKYG72n40:++DFhwJar0g8leeYB
PEiD..: Armadillo v1.71
TrID..: File type identification
    Win64 Executable Generic (54.6%)
    Win32 Executable MS Visual C++ (generic) (24.0%)
    Windows Screen Saver (8.3%)
    Win32 Executable Generic (5.4%)
    Win32 Dynamic Link Library (generic) (4.8%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x257f
timedatestamp.....: 0x490de544 (Sun Nov 02 17:37:08 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name    viradd  virsiz  rawdsiz  ntrpy  md5
.bss    0x1000  0xb4    0x0      0.00   d41d8cd98f00b204e9800998ecf8427e
.data   0x2000  0x9c4   0xa00    5.93   c872aec4a612bfe38f5ce15b4a64cf21
.rsrc   0x3000  0x17c4  0x1800   3.92   f1afbef5a2b2550d3b4fdb5fa572eb29

( 3 imports )
> KERNEL32.dll: GetTempPathA, WinExec, GetModuleHandleA, MoveFileExA, ExitProcess, GetModuleFileNameA, DeleteFileA, SetFileAttributesA, GetStartupInfoA
> ADVAPI32.dll: RegQueryValueExA, RegCloseKey, RegOpenKeyExA
> MSVCRT.dll: fwrite, fread, fopen, fseek, fclose, _exit, _XcptFilter, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, strncat

----------------------------------------

ePSXe

Additional information
File size: 305301 bytes
MD5...: 5e56bc283dc8325da7bd81e4386d6b72
SHA1..: 904bb8782e7908fc0bcc7267617f848d6e1bc10e
SHA256: 6a3353b5bfa47b0adab6931892402c8ed681e4bc815212e245ffdf796704c466
SHA512: 46457d3dd29c3afb8f9ed7eec792ad73f9fb3c493231b6899a179d3be3323b3241e8662fe6847f9eb20650acc787a82b0c11dcd4a27a6fde56a896cd962c22ac
ssdeep: 6144:DZJDp25hL5waRC4FZHh0MdF3KXpTmWENHSS6:DzpqQas47hxKXpTjENHe
PEiD..: Armadillo v1.71
TrID..: File type identification
    UPX compressed Win32 Executable (39.5%)
    Win32 EXE Yoda's Crypter (34.3%)
    Win32 Executable Generic (11.0%)
    Win32 Dynamic Link Library (generic) (9.8%)
    Generic Win/DOS Executable (2.5%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x257f
timedatestamp.....: 0x490de544 (Sun Nov 02 17:37:08 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name    viradd  virsiz  rawdsiz  ntrpy  md5
.bss    0x1000  0xb4    0x0      0.00   d41d8cd98f00b204e9800998ecf8427e
.data   0x2000  0x9c4   0xa00    5.93   c872aec4a612bfe38f5ce15b4a64cf21
.rsrc   0x3000  0x17c4  0x1800   3.02   8c8364b071b6b137cb6da5a3624203b3

( 3 imports )
> KERNEL32.dll: GetTempPathA, WinExec, GetModuleHandleA, MoveFileExA, ExitProcess, GetModuleFileNameA, DeleteFileA, SetFileAttributesA, GetStartupInfoA
> ADVAPI32.dll: RegQueryValueExA, RegCloseKey, RegOpenKeyExA
> MSVCRT.dll: fwrite, fread, fopen, fseek, fclose, _exit, _XcptFilter, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, strncat