Results 1 to 2 of 2

Thread: new hasp envelope? unknown PE packer

  1. #1

    new hasp envelope? unknown PE packer

    Hi ppl! Long time no see :-)

    Today I've come across target which uses sentinel hasp (run-time environment installer 5.90 from 2009).

    PE sections looks weird to me. I have:

    Code:
    .text
    CONST
    .rdata
    .data
    .rsrc
    pbm6thw3
    zf41d72o
    hsjh6lom
    Entrypoint is at section pbm6thw3. PEiD identifies this as "UPX 1.03 - 1.04 -> Markus & Laszlo [Overlay]", but obviously it's not. I've used public external database (http://handlers.sans.org/jclausing/userdb.txt) for PEiD, but it didn't identified anything (Nothing found [Overlay] *).

    Anyone recognizes this? I suppose this isn't related to old hasp envelope and it's .protect section?

    Thanks!
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Quote Originally Posted by fritzfs View Post
    Hi ppl! Long time no see :-)

    Today I've come across target which uses sentinel hasp (run-time environment installer 5.90 from 2009).

    PE sections looks weird to me. I have:

    Code:
    .text
    CONST
    .rdata
    .data
    .rsrc
    pbm6thw3
    zf41d72o
    hsjh6lom
    Entrypoint is at section pbm6thw3. PEiD identifies this as "UPX 1.03 - 1.04 -> Markus & Laszlo [Overlay]", but obviously it's not. I've used public external database (http://handlers.sans.org/jclausing/userdb.txt) for PEiD, but it didn't identified anything (Nothing found [Overlay] *).

    Anyone recognizes this? I suppose this isn't related to old hasp envelope and it's .protect section?

    Thanks!
    Nah, friend gave me a hint to try with ProtectionID. I've identified it as execryptor. Case closed.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. An unknown packer
    By Hero in forum The Newbie Forum
    Replies: 10
    Last Post: December 9th, 2007, 09:31
  2. PE Problems after unpack hasp envelope...
    By friedo in forum The Newbie Forum
    Replies: 0
    Last Post: July 13th, 2004, 08:08
  3. unknown packer
    By chlankboot in forum Malware Analysis and Unpacking Forum
    Replies: 19
    Last Post: January 19th, 2004, 05:33
  4. IAT rebuilding for unknown packer ??
    By SilSaLaMaTa in forum Malware Analysis and Unpacking Forum
    Replies: 3
    Last Post: August 27th, 2002, 18:07
  5. Help with unknown packer
    By Timmy in forum Malware Analysis and Unpacking Forum
    Replies: 3
    Last Post: November 7th, 2000, 06:44

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •