How can you tell if a file has been "obscured"?

Discussion in 'other anti-trojan software' started by CARCHARODON, Mar 5, 2003.

    CARCHARODON Registered Member

    Oct 1, 2002
    Portland, Or. USA
    I'm curious... I just read Nancy's newsletters on how to avoid trojans at the following link.

    BTW, thanks Nancy! It's a very good newsletter.

    Anyway, in it she says to look out for software that has been compressed with UPX, ASPACK, INFLATE or other "file-obscuring" technologies. I know that most trojan detection programs will tell me, but is there any other way to tell that a file has been compressed with one of these technologies?

    Just curious, I've never used any of these because I have no reason to. :D
  2. LowWaterMark

    LowWaterMark Administrator

    Aug 10, 2002
    New England
    There are utilities to tell you if files are packed; in many cases the packer applications themselves will do this for you. I'm not big in this area, but I have downloaded UPX 1.24 from after reading through a discussion on this topic in the NOD32 Beta forum here (link).
  3. wizard

    wizard Registered Member

    Feb 9, 2002
    Europe - Germany - Duesseldorf
    Kaspersky Anti Virus, for example, shows if a file is packed (if the option is enabled), but only for packers that are recognized by KAV. The current GAV version has this feature as well, but as it is still under development the number of recognized packers is at the moment still limited.

    There are some tools available that check if a file is packed or not (but of course only for 'known' packers). As I currently don't know a reliable source to download these kinds of tools, I couldn't provide you with a link.

  4. Andreas Haak

    Andreas Haak Guest

    Well ...

    Quite reliable and with the option to unpack:

    Quite reliable, no unpack option, but open source:

    Made first link unclickable, because it was a direct download link. Repaired the second link.
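
As an added example (not from any poster in this thread or from the tools they mention), this is one way to check a Windows executable for packing yourself: read the PE section table and look for section names that UPX and ASPack leave behind. It goes beyond the known-packer check discussed above by also flagging an executable section that is empty on disk and any section with near-random byte entropy, which still fire when the names have been changed. All function and variable names are assumptions of this example, and the sample image is constructed.

```python
import math
import struct
from collections import Counter

# Section names left behind by two packers named in the thread.
KNOWN = {"UPX0": "UPX", "UPX1": "UPX", ".aspack": "ASPack", ".adata": "ASPack"}
EXECUTE = 0x20000000  # IMAGE_SCN_MEM_EXECUTE
SECTION = struct.Struct("<8sIIII12xI")  # 40-byte PE section header

def entropy(data):
    """Shannon entropy in bits per byte; compressed data sits close to 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def pe_sections(image):
    """Yield (name, virtual_size, raw_bytes, flags) for each PE section header."""
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)
    if image[:2] != b"MZ" or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    count, opt_size = struct.unpack_from("<H12xH", image, pe_off + 6)
    table = pe_off + 24 + opt_size
    for i in range(count):
        name, vsize, _va, rsize, rptr, flags = SECTION.unpack_from(image, table + 40 * i)
        yield name.rstrip(b"\0").decode("ascii", "replace"), vsize, image[rptr:rptr + rsize], flags

def packer_indicators(image, entropy_limit=7.0):
    """Return reasons to think the PE image is packed (empty list if none)."""
    findings = []
    for name, vsize, raw, flags in pe_sections(image):
        if name in KNOWN:
            findings.append(f"{name}: section name used by {KNOWN[name]}")
        if not raw and vsize and flags & EXECUTE:
            findings.append(f"{name}: executable but empty on disk")
        elif entropy(raw) > entropy_limit:
            findings.append(f"{name}: entropy {entropy(raw):.2f} bits/byte")
    return findings

def build_sample(sections):
    """Constructed input: only the header fields this parser reads are filled in."""
    head = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    head += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    ptr, table, body = len(head) + 40 * len(sections), b"", b""
    for name, vsize, raw, flags in sections:
        table += SECTION.pack(name, vsize, 0x1000, len(raw), ptr, flags)
        body, ptr = body + raw, ptr + len(raw)
    return head + table + body

# Constructed sample in UPX's layout; a byte ramp stands in for compressed data.
SAMPLE = build_sample([(b"UPX0", 0x4000, b"", 0xE0000080),
                       (b"UPX1", 0x2000, bytes(range(256)) * 4, 0xE0000040)])
```

To check a real file, pass `open(path, "rb").read()` to `packer_indicators`. A high-entropy section on its own can also be ordinary compressed or encrypted data inside an unpacked program, so treat it as a prompt to look closer rather than a verdict.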
