Hi guys,

I have a target, and i'm fairly certain it's either packed or encrypted, but i cant figure out what with. I have run PEiD and PE-Scan against it, but niether recognise it.

The target has a suspicious looking section named 'ExeS'. Just wondered if anyone has any clues?

Thanks,

It's ExeStealth.

http://www.webtoolmaster.com/estealth.htm

Thanks for the reply _Servil_, i'm off to do some research on this now.

Ok, i just read the thread titled "ExeStealth 2.41 EXE Protector" by squidge and it's so obviouse why i couldn't dump this protected program. Oh well, sometimes it's just too obviouse.

Ok, i've been digging around for this one, but i still cant dump my target, and i have tried to locate the temp location in squidges post, but this target is with EXEStealth 2.6 and i'm pretty sure it's unpacking in memory now.

When ever i tried dumping i just get a 8k file.

Ok, i'm getting good at this searching now I just found this thread "EXEStealth - SPOILER - Unpacking! "