Results 1 to 3 of 3

Thread: Two PE detector,Why two detections?

  1. #1

    Two PE detector,Why two detections?

    Hi all
    I try a program with two PE tools,PEid and TrId.But I get a strange result:
    PEid return file signature as Borland Delphi 3.0,But The highest percent that
    TrId returned was PECompact!TrId return Borland Delphi too,but with a ver
    low percent.
    How this is possible?Because all of program should have special signature,isn't it?
    Then Why this strange result will happen?

    sincerely yours
    I should look out my posts,Or JMI will get mad at me! ;)

  2. #2
    Packed programs don't have special signatures as such. Different binaries packed with the same packer will generally look quite different, even in the areas that are supposed to be characteristic of the packer in question. This is why TrID gives you a percentage resemblance rather than a concrete answer.

    Maybe PECompact is designed with PEiD's algorithm in mind such that its targets are made to look like Borland Delphi 3.0? Then again, maybe it's just a coincidence.
    If I were you, I'd Google the result. It's probable sombody has been in this situation before and has succeeded in identifying the packer.
    If that fails, I guess you'll have to play around with both possibilities (bearing in mind that it may well be neither) to get a better idea of what stands between you and your target.

  3. #3
    Packers generally (not always) have a consistant pattern of bytes at the EP, thats one of the ways PEiD detects packers/protectors. I would look at what sections are in the files, and the EP Section. If its a Delphi than the the EP section should be CODE. Disasmble the file, judging by the text strings you should easily beable to see if its packed or not.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. Stealth malware detector comparison
    By xsk in forum Tools of Our Trade (TOT) Messageboard
    Replies: 1
    Last Post: December 6th, 2011, 00:22
  2. 802.11n detector
    By Silver in forum Off Topic
    Replies: 0
    Last Post: March 22nd, 2005, 11:48


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts