Author Topic: Universal Extractor  (Read 5212 times)


August 11, 2007, 02:17:28 am

JohnC

  • Special Members
  • Hero Member

Universal Extractor is a great little program for extracting files from executable archives. The newest beta has incorporated a warning system, so that if any files need to be executed during extraction, it will give you a warning. It is, however, in the beta stages of development, so the author welcomes all feedback. You can leave feedback about this tool either at the MSFN Forum or at the Universal Extractor Forum.

Here is the download link for Universal Extractor v1.6 Beta

January 15, 2008, 06:54:39 am
Reply #1

VirusBuster

  • Newbie

I have coded a tool much more universal to extract files from executable files than Universal Extractor. It's still not public but probably later this year I'll release it.

You can review information about the tool here:

Quote
hxxp://www.armbell.com/vxtrading/viewtopic.php?t=96&mforum=vxtrading

January 15, 2008, 08:50:48 pm
Reply #2

JohnC

  • Special Members
  • Hero Member

Thank you for letting us know about this tool.

January 16, 2008, 04:30:05 am
Reply #3

sowhat-x

  • Guest
Ok,here's a couple of personal thoughts...  8)

Obviously,I will be both glad and thankful,if such a tool gets released to the public...
as it will make life quite easier for people interested in malware analysis.
Although to be honest,I think most of the usual/common stuff,
can already be handled just fine with the existing tools...
with minor annoyances though,as we all currently know.

For example,I've never even used Universal Extractor,
as I already had most of the interested tools that come with it,
way before it got released and widely known...
commandline usage of them is still my friend.
More specifically,I had also mailed its author at some moment...
I've always preferred that people have to also search stuff for themselves a bit,
as this way also makes them actually wanna learn how stuff works internally,
instead from simply double-clicking apps...
but since this seemed to be his target audience,
I thought I should at least suggest him a few tools,
that were by far better than the ones he used.
He preferred to not make use of them though for some reasons.
This doesn't mean I wouldn't suggest to people his tool,quite the contrary:
it's well made,gets updated frequently,
and serves both its purpose and most people's everyday needs really well.

Ok,back to the...original topic,lol...
I've already seen the thread mentioned above since some time now,
he-he,I can assure everyone,there's quite a few guys that lurk around,
in order to have some idea of what's currently been worked around in the vx area,he-he... 8)

At this point,I have to admit,that I was left with at least a couple of questions...
The first one is,what's the point in advertising a private tool in a public forum?
If,and when it gets released to public...
everyone will be glad to know about its existence and its abilities.
Maybe I could possibly understand announcing it in public,
only if searching for 'beta testers'...
but even if so,there are more ways to find/approach these people.

Secondly,the link supplied above,
points to a forum that needs registration for browsing.
No problem with posting links to other forums of course,what are we here...
some kind of 'gurus',requesting to have 'exclusive' availability? :D
But a user has at least to have the ability of getting an idea,
of what's going on inside a foreign forum,which gets 'advertised' here...

Third,this is not a 'random' security forum out there...
not even say a forum making blatant propaganda,
controlled by specific companies for commercial reasons.
It's a vx trading forum...thereby,to put it as straight as possible,
and avoid any possible future misunderstandings:
Vx trading and similar actions,are completely NOT acceptable here.

That is not simply because there is obviously a serious problem of trust,
with people involved in vx trading activities...
since a quite big majority of them,for some weird pathological reasons,
get over-enthusiastic about small pieces of precompiled shitty malware code.
Collecting malware is a reasonable step in the malware fighting process,
but it certainly isn't the target itself...what would be the point afterwards:
collecting viruses simply like they are...stamps or album stickers?
Haven't people any more productive hobbies to waste their lives on?

If people were trading samples and info about them in private,
instead of sharing them in public...then what would be the world alike?
He,does it really need a lot of thinking?Ok,I'll tell you how I imagine it...
exactly like today's miserable win32 world,
where a handful of AV monopolies did exactly this for more than 20 years.
And luckily,with that much free source code out there,
and I'm talking even for malware code here...
this stupid 'old model politics',has started showing its weaknesses,
the signs of getting seriously old and ineffective towards current threats:
it's time to move ahead,and get rid of ghosts of the past,say like vx trading...
My honestly expressed farewell to them,as they certainly deserve an important place,
in the recycle bin of computing history... 8)

To sum up,the most important aspect of it all...the very exact reason we're all here...
To share and exchange malware and knowledge about it,
IN public,and WITH the public.Period.
NOT to keep/advertise private stuff and tools,
in order to later sell/exchange malware samples,again in private.
Terms widely used as 'full disclosure',
have been widely misused for a variety of reasons...
as obviously not everyone translates them in his/her mind under the same context.
But regarding MDL's philosophy,things are quite clear...
and if for some obscure reason someone still has doubts,
and needs a specific given name/term in order to understand the point here,
ok,here's a quick and dirty description of it...'open info disclosure'. :D  ;)

P.S:
This got longer than I thought,but well,I thought I should mention this also...
Couple of weeks ago,in a LESS than two-three days period,
I saw two different posts over at Offensive Computing,
made specifically in order to promote the vx trading forum in question...
I can't answer this by myself obviously,and it's not my business after all...
What I can do though,is to simply copy/paste their official 'statement',
so that people can think in clear mind if such advertisement activities/posts,
actually respect the hard work that gets to be done there by individual researchers...
I've underlined the most important statements in it:

Quote
"The primary emphasis here is on malware collections and analysis,
for the purpose of improving people's abilities to defend their networks.
There is a noticeable lack of public sources of malware and malware analysis available.
Those that were available were either for sale or limited to a small number of users.
We provide resources such as live copies of malicious software,
md5sums to search on and analysis of the malware to the general public."

January 20, 2008, 01:23:45 am
Reply #4

VirusBuster

  • Newbie

English is not my mother language and I can not match your verbal incontinency.  ::) :P

To give a balance I will make short my reply.

First, sorry if I broke any rule (written or not).

About the tool... Extractor was going to be a public project but I got no help from anyone so I decided to do all the research myself and finally I decided not to share it at the moment.

Why to talk about it if it's not public? Well, it will be, therefore maybe someone may be interested in trying it.

That's all.