Ability score:
( LV12,RANK:450 )
#2
UPX 1.01, 1.24, 1.90 beta signature:
60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73
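This is the result of taking 64 bytes after comparing the same program compressed with three different versions, and three different programs compressed with the same version. I don't know whether it is correct.
It could probably be trimmed further. How long does a signature need to be to be suitable?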
Ability score:
( LV4,RANK:50 )
#3
Find a way to extract it from PEiD's packer signature database.
Ability score:
( LV4,RANK:50 )
#4
60BE000000008DBE00000000C78700000000000000005783CDFFEB0E000000008A064688074701DB75078B UPX 0.89.6 - 1.02 / 1.05 - 1.24 (Delphi) stub -> Markus & Laszlo
0000000000000000000000000000000000000000000000008A064688074701DB75078B1E83EEFC11DB8A0772EBB80100000001DB75078B1E83EEFC11DB11C001DB730075008B1E83EEFC UPX 1.03 - 1.04 -> Markus & Laszlo
807C2408010F850000000060BE000000008DBE000000005783CDFF UPX 0.89.6 - 1.02 / 1.05 - 1.24 DLL -> Markus & Laszlo
EBEC000000008A064688074701DB7507 UPX Protector 1.0x -> BlindAngel/TMG
50BE000000008DBE000000005783CD UPX MODifier 0.1x -> snaker
9061BE000000008DBE000000005783CDFF UPX-Scrambler RC1.x
60E80000000083CDFF31DB5E8DBEFA0000FF5766818700000000000081C6B3010000EB0A000000008A064688074701DB7507 UPX 0.71 - 0.72 -> Markus & Laszlo
60E8000000005883E83D508DB8000000FF576681870000000000008DB0EC01000083CDFF31DBEB07908A064688074701DB7507 UPX 0.70 -> Markus & Laszlo
60E8000000005883E83D508DB8000000FF576681870000000000008DB0F001000083CDFF31DB909090EB0890908A064688074701DB7507 UPX 0.62 -> Markus & Laszlo
60E8000000005883E83D508DB8000000FF578DB0E801000083CDFF31DB0000000001DB75078B1E83EEFC11DB730B8A0646880747EBEB90 UPX 0.60 - 0.61 -> Markus & Laszlo
60E8000000005883E83D508DB8000000FF578DB0D801000083CDFF31DB0000000001DB75078B1E83EEFC11DB730B8A0646880747EBEB90 UPX 0.51 -> Markus & Laszlo
79070FB707475047B95748F2AE55FF968400000009C07407890383C304EBD8FF968800000061E9000000FF UPX modified stub -> SAC/uNPACKinG gODS
0000000000000000000000000000000000000000000000008A064688074701DB75078B1E83EEFC11DB72EDB80100000001DB75078B1E83EEFC11DB11C001DB730075008B1E83EEFC UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo
0000000000000000000000000000000000000000000000008A064688074701DB75078B1E83EEFC11DB72EDB80100000001DB75078B1E83EEFC11DB11C001DB77EF75098B1E83EEFC UPX 0.80 - 0.84 -> Markus & Laszlo
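Ability score:
( LV2,RANK:10 )
#5
Originally posted by 小楼: Find a way to extract it from PEiD's packer signature database
Where is it? Someone gave me an unpacked one, but I couldn't find it.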
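Ability score:
( LV12,RANK:450 )
#6
PEiD's packer signature database: you mean that userdb.txt file, right? But that file is not complete either, and some packers can be identified even without userdb.txt, e.g. upx1.24.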
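Ability score:
( LV12,RANK:450 )
#7
I see that your upx1.24 signature is different from the one I extracted! The programs I compressed were notepad.exe, calc.exe... Could it be related to the development software?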
Ability score:
( LV12,RANK:450 )
#8
PEid
Ability score:
( LV12,RANK:450 )
#9
60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73
UPX 0.89.6-1.02 / 1.05-1.24 /1.90w beta-> Markus & Laszlo
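An added example (not written by any poster in this thread, and not PEiD's own code): a matcher for the `??`-wildcard signature format posted above, run against constructed bytes. The function names, the `0x400` entry offset and the sample buffers are assumptions made for illustration.

```python
# Added example: match a "??"-wildcard byte signature at a fixed file offset.
# The signature text is the one posted in the thread; everything else is constructed.
UPX_SIG = (
    "60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57 83 CD FF EB 10 90 90 90 90 90 90 "
    "8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 "
    "01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73"
)

def parse_signature(text):
    """Turn 'AA ?? BB' into [0xAA, None, 0xBB]; None marks a wildcard byte."""
    pattern = []
    for tok in text.split():
        if tok == "??":
            pattern.append(None)
        elif len(tok) == 2:
            pattern.append(int(tok, 16))  # raises ValueError on non-hex
        else:
            raise ValueError(f"bad signature token: {tok!r}")
    return pattern

def matches_at(data, offset, pattern):
    """True if every fixed byte of pattern equals data at offset (e.g. entry point)."""
    window = data[offset:offset + len(pattern)]
    if offset < 0 or len(window) < len(pattern):
        return False  # signature would run past the end of the file
    return all(p is None or p == b for p, b in zip(pattern, window))

def fixed_bytes(pattern):
    """Number of non-wildcard bytes: the part that actually discriminates."""
    return sum(p is not None for p in pattern)

def build_sample(pattern, fill, entry_offset=0x400):
    """Constructed test file: padding, then the stub with wildcards set to fill."""
    stub = bytes(fill if p is None else p for p in pattern)
    return b"\x00" * entry_offset + stub + b"\xCC" * 16

if __name__ == "__main__":
    pat = parse_signature(UPX_SIG)
    print(len(pat), "bytes,", fixed_bytes(pat), "fixed")
    for fill in (0x11, 0xEE):  # different addresses in the wildcard slots
        print(hex(fill), matches_at(build_sample(pat, fill), 0x400, pat))
    variant = bytearray(build_sample(pat, 0x11))
    variant[0x400 + 17] = 0x0E  # one fixed byte differs: no match
    print("variant", matches_at(bytes(variant), 0x400, pat))
```

The wildcard slots absorb the two 32-bit operands that change from file to file, while a single differing fixed byte is enough to make the match fail.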
Ability score:
( LV12,RANK:450 )
#10
[ASPack2.12]
60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 00 00 00 EB 5D BB ED FF FF FF