Is there a way to open an archive file exe

Discussion in 'Software' started by red death68, Mar 7, 2009.

  1. red death68

    red death68 Command Sergeant Major

    I have 2 different files that are exe files, and I found that they were being caught by my antivirus program because 1 or more files inside them was infected with a Trojan.MulDrop.20803, so I need to open them to delete the single infected item and then reseal them to their former point so they can still be used. Is there a freeware program that can do this?
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

    At times you can use the likes of WinRar (not free, but you get a 30-day trial) to open up exes; you just need to navigate to the file from within WinRar. But it depends on how this exe was compiled in the first place, so not all will open without a way to uncompile. You could try this: http://www.legroom.net/software/uniextract

    However, if malware is found in these files, I would just dump them and find alternatives instead, as I couldn't trust any of the files in that exe. Differential to this is your AV is flagging up a false positive, but again I wouldn't trust that this is the case.
     
  3. red death68

    red death68 Command Sergeant Major

    I already have uniextractor and am trying their forum. If it helps, I ran a virus scan on the 2 files; here are the results:

    visualboyadvance

    Additional information
    File size: 1578133 bytes
    MD5...: 115a896497b4eca2edc4aec174e011cd
    SHA1..: af138da4fd3634944c1a843aab5f0c373dbfd01b
    SHA256: 67e4e41714c098bb00b0dd1f33ff585720ccf31b3c8a8268c4d905a71b37853e
    SHA512: a4bd9194201c68d09476d5f43a83f0fa8f7354c447ff0f76227c67a0d1c61263
    9fb2f405c084f33e84dcd8a737ad6f1f4d171b796853f13099e1a882197bba70
    ssdeep: 24576:/PoLrqwBfKjZDPFhw17arUPHnosAp8QjtD/i4ade4aH14DhKKTGQw28jKY
    G72n40:++DFhwJar0g8leeYB
    PEiD..: Armadillo v1.71
    TrID..: File type identification
    Win64 Executable Generic (54.6%)
    Win32 Executable MS Visual C++ (generic) (24.0%)
    Windows Screen Saver (8.3%)
    Win32 Executable Generic (5.4%)
    Win32 Dynamic Link Library (generic) (4.8%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x257f
    timedatestamp.....: 0x490de544 (Sun Nov 02 17:37:08 2008)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .bss 0x1000 0xb4 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
    .data 0x2000 0x9c4 0xa00 5.93 c872aec4a612bfe38f5ce15b4a64cf21
    .rsrc 0x3000 0x17c4 0x1800 3.92 f1afbef5a2b2550d3b4fdb5fa572eb29

    ( 3 imports )
    > KERNEL32.dll: GetTempPathA, WinExec, GetModuleHandleA, MoveFileExA, ExitProcess, GetModuleFileNameA, DeleteFileA, SetFileAttributesA, GetStartupInfoA
    > ADVAPI32.dll: RegQueryValueExA, RegCloseKey, RegOpenKeyExA
    > MSVCRT.dll: fwrite, fread, fopen, fseek, fclose, _exit, _XcptFilter, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, strncat

    --------------------------------------------------------------------------------------------------------------
    ePSXe

    Additional information
    File size: 305301 bytes
    MD5...: 5e56bc283dc8325da7bd81e4386d6b72
    SHA1..: 904bb8782e7908fc0bcc7267617f848d6e1bc10e
    SHA256: 6a3353b5bfa47b0adab6931892402c8ed681e4bc815212e245ffdf796704c466
    SHA512: 46457d3dd29c3afb8f9ed7eec792ad73f9fb3c493231b6899a179d3be3323b32
    41e8662fe6847f9eb20650acc787a82b0c11dcd4a27a6fde56a896cd962c22ac
    ssdeep: 6144:DZJDp25hL5waRC4FZHh0MdF3KXpTmWENHSS6:DzpqQas47hxKXpTjENHe
    PEiD..: Armadillo v1.71
    TrID..: File type identification
    UPX compressed Win32 Executable (39.5%)
    Win32 EXE Yoda's Crypter (34.3%)
    Win32 Executable Generic (11.0%)
    Win32 Dynamic Link Library (generic) (9.8%)
    Generic Win/DOS Executable (2.5%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x257f
    timedatestamp.....: 0x490de544 (Sun Nov 02 17:37:08 2008)
    machinetype.......: 0x14c (I386)

    ( 3 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .bss 0x1000 0xb4 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
    .data 0x2000 0x9c4 0xa00 5.93 c872aec4a612bfe38f5ce15b4a64cf21
    .rsrc 0x3000 0x17c4 0x1800 3.02 8c8364b071b6b137cb6da5a3624203b3

    ( 3 imports )
    > KERNEL32.dll: GetTempPathA, WinExec, GetModuleHandleA, MoveFileExA, ExitProcess, GetModuleFileNameA, DeleteFileA, SetFileAttributesA, GetStartupInfoA
    > ADVAPI32.dll: RegQueryValueExA, RegCloseKey, RegOpenKeyExA
    > MSVCRT.dll: fwrite, fread, fopen, fseek, fclose, _exit, _XcptFilter, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _except_handler3, _controlfp, strncat
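
Added example, not part of any post in this thread: the scan reports above list three sections with raw sizes 0x0, 0xa00 and 0x1800 (under 9 KB together) against file sizes of 1578133 and 305301 bytes, so most of each file lies outside the listed section data. The Python below finds such appended data (the overlay) by reading the PE headers, without running the file, and checks it for common archive signatures. The header offsets in `build_sample` and both payloads are constructed, because the reports do not give raw file offsets.

```python
import io
import struct
import zipfile

# Well-known magic bytes of common archive formats.
ARCHIVE_MAGIC = {b"PK\x03\x04": "zip", b"Rar!\x1a\x07": "rar",
                 b"7z\xbc\xaf\x27\x1c": "7z", b"MSCF": "cab"}

def find_overlay(data):
    """Return (offset, size, format) of data stored after the last PE section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]       # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    # NumberOfSections .. SizeOfOptionalHeader in the COFF header
    n_sections, _, _, _, opt_size = struct.unpack_from("<HIIIH", data, pe_off + 6)
    table = pe_off + 24 + opt_size
    end = table + 40 * n_sections                          # headers are part of the image
    for i in range(n_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:                                       # .bss has no bytes on disk
            end = max(end, raw_ptr + raw_size)
    overlay = data[end:]
    fmt = next((n for m, n in ARCHIVE_MAGIC.items() if overlay.startswith(m)), None)
    return end, len(overlay), fmt

def build_sample(payload):
    """Constructed PE skeleton using the section names and sizes from the report."""
    sections = [(b".bss", 0xB4, 0x1000, 0x0, 0x0),         # raw pointers are assumed
                (b".data", 0x9C4, 0x2000, 0xA00, 0x400),
                (b".rsrc", 0x17C4, 0x3000, 0x1800, 0xE00)]
    hdr = bytearray(0x400)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH", hdr, 0x84, 0x14C, len(sections))
    struct.pack_into("<H", hdr, 0x94, 0xE0)                # SizeOfOptionalHeader
    for i, sec in enumerate(sections):
        struct.pack_into("<8sIIII", hdr, 0x178 + 40 * i, *sec)
    return bytes(hdr) + bytes(0xA00 + 0x1800) + payload

def zip_payload():
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("readme.txt", "constructed sample")
    return buf.getvalue()

if __name__ == "__main__":
    for label, payload in (("zip", zip_payload()), ("unknown", b"\x00" * 64)):
        print(label, find_overlay(build_sample(payload)))
```

A format of `None` means only that the overlay does not start with one of these four signatures.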
     
  4. Bugballou

    Bugballou MajorGeek

    Sorry, see you are ahead of me on this one...uniextractor is Universal Extractor? uniextract16.exe ?
    Bug
     
    Last edited: Mar 10, 2009
  5. red death68

    red death68 Command Sergeant Major

    I'm using the newest one with every available part I could get, and no dice.

    I'd settle for a program that could remove the infected part and spare the rest.
     
