fuex
July 26th, 2007, 05:54
Hi,
I have just stumbled across a suspicious small executable on the computer I'm using right now (vacation in Taiwan, I have to guess a lot when using Chinese localized software :eek:).
As I have some spare time right now, I would like to unpack it. Luckily I have the essential reversing tools on my USB flash drive.
PEiD identifies it as "UPX 0.80 - 1.24 DLL -> Markus & Laszlo" but I don't believe that. At least it doesn't look like UPX to me... (though I'm inexperienced at unpacking so please don't blame me.) What I have noticed so far: there seems to be a loop which XORs some code in the unpacker section and some DIV 0 exception later on. A lot of things are push'ed and pop'ed, probably obfuscation.
Any help appreciated!
DANGER: MALWARE
password: infected
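
One way to cross-check a signature-based verdict like the PEiD result in the post above without running the file, as an added example that is not part of the original post: read the PE section table and look for the structural markers the stock UPX packer is known to leave (`UPX0`/`UPX1` section names, a first section with no raw data, the `UPX!` magic). The function names and the sample bytes are assumptions constructed for this illustration.

```python
import struct

def pe_sections(data):
    """Return [(name, virtual_size, raw_size)] from a PE section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (count,) = struct.unpack_from("<H", data, pe_off + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                             # first section header
    sections = []
    for i in range(count):
        name, vsize, _rva, rsize = struct.unpack_from("<8sIII", data, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vsize, rsize))
    return sections

def upx_indicators(data):
    """Structural markers of stock UPX output; each can be forged or stripped."""
    secs = pe_sections(data)
    return {
        "section_names": any(name.startswith("UPX") for name, _, _ in secs),
        "magic": b"UPX!" in data,
        # UPX0 normally reserves memory only: raw size 0, virtual size > 0
        "first_section_no_raw_data": bool(secs) and secs[0][2] == 0 < secs[0][1],
    }

def constructed_pe(sections, trailer=b""):
    """Build a minimal header-only PE image (constructed sample, not a real binary)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)           # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name, 0x1000, 0x1000 * (i + 1), raw, 0x400,
                    0, 0, 0, 0, 0xE0000020)
        for i, (name, raw) in enumerate(sections))
    return dos + b"PE\0\0" + coff + table + trailer

if __name__ == "__main__":
    upx_like = constructed_pe([(b"UPX0", 0), (b"UPX1", 0x200)], b"UPX!")
    other = constructed_pe([(b".text", 0x200), (b".data", 0x200)])
    for label, blob in (("upx_like", upx_like), ("other", other)):
        print(label, pe_sections(blob), upx_indicators(blob))
```

Because these markers can be renamed, removed or imitated, they corroborate or weaken a signature hit rather than settle it.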