 | Extracting PE Sections into separate files ? |  |
|
cameraboy
| Joined: 21 Jan 2009 |
| Posts: 0 |
|
|
|
 Posted: Fri May 01, 2009 3:55 am |
|
 |
 |
|
|
How can I generate MD5 based section signatures by extracting PE sections into separate files ? Please advise.
|
|
|
|
GuitarBob
| Joined: 09 Jul 2006 |
| Posts: 9 |
| Location: USA |
|
|
| Posted: Fri May 01, 2009 4:09 am |
|
|
|
|
|
Some debuggers give a sectional analysis of the PE file with MD5 hashes. The primary section you want is the one that has Execute Access. You have to be careful, however. Most malware is packed now, and sometimes it is obscured/scrambled to prevent analysis. And sometimes the debugger just gets it wrong. And every once in a while, you find code/sections in malware that is also used in non-malware programs.
Regards.
|
|
|
| Re: Extracting PE Sections into separate files ? | |
|
b0ne
| Joined: 26 Oct 2006 |
| Posts: 0 |
|
|
|
| Posted: Fri May 01, 2009 4:24 am |
|
|
|
|
|
The program PETools has a pe editor in it, which if you click the sections button, you can dump them to disk. You could also use any pe viewer and a hex editor to save the start offset + length of the section to disk. Some hex editors like HxD support performing calculations on any of the bytes selected.
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by
phpBB © phpBB Group
Design by
phpBBStyles.com |
Styles Database.
Content © ClamWin Free Antivirus GNU GPL Free Software Open Source Virus Scanner. Free Windows Antivirus. Stay Virus Free with Free Software.
