Author Topic: unpacking installshield .cab files  (Read 13182 times)

June 26, 2008, 09:36:26 pm

julevine

I need some help to unpack this CAB FILE

please tell me how to unpack cab files

please list instructions and tools

http://rapidshare.com/files/125252096/data1.cab  installshield cab

thank you

June 26, 2008, 10:11:20 pm
Reply #1

bobby

Any chance to upload the whole EXE file for us?
If there was a HDR file inside the exe, you need it to unpack the cab file.

June 27, 2008, 01:17:46 am
Reply #2

sowhat-x

...my oh my...I used to google/read reversing tutorials for hours,
in order to get such answers and find the relevant tools/techniques...and nowadays,
everyone wants to only double-click the "Universal Extractor" frontend, and have the job done...  :-X
And when this fails...

1) Have you come across some malware that was wrapped with InstallShield?
If that's the case, I'd be really curious to see it...

2) IS .cab files always come in combination with an .hdr file as well.
As bobby already said, you'll need (at least) both to do the extraction.

3) The by-far-easiest way to extract such type of InstallShield packages
is by using the support utility called "IsCabVu", which comes with InstallShield itself.
So, grab the product's trial version from their site, blah-blah...

4) Note that there are well-known incompatibilities between different InstallShield versions:
there is not a 100% guarantee that the latest IsCabVu build
will work flawlessly against older .cab/.hdr archives...
(which, by the way, also seem to have become a bit rare/'obsolete' nowadays).

5) Last, but not least...if the installer requires a password, IsCabVu will also ask you for it...  ;D

PS: Under *nix systems, there exists unshield/libunshield for carrying out such tasks:
http://sourceforge.net/project/showfiles.php?group_id=30550&package_id=125523
Haven't ever used it personally though, so I can't comment on it...
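
A pre-extraction triage check for the .cab/.hdr point in the reply above, added here as an example and not part of the original thread. It tells an InstallShield cabinet ("ISc(" magic) from a Microsoft Cabinet ("MSCF"), which shares the extension, and looks for the companion header; the function names are hypothetical and the same-base-name pairing (data1.cab with data1.hdr) is an assumption.

```python
import os
import tempfile

# Magic bytes at offset 0. "ISc(" marks InstallShield cabinet and header files;
# "MSCF" marks a Microsoft Cabinet, an unrelated format with the same extension.
INSTALLSHIELD_MAGIC = b"ISc("
MICROSOFT_CAB_MAGIC = b"MSCF"


def read_magic(path):
    """Return the first four bytes of a file, or b'' if it cannot be read."""
    try:
        with open(path, "rb") as fh:
            return fh.read(4)
    except OSError:
        return b""


def triage_cab(cab_path):
    """Classify a .cab by magic and locate its InstallShield header, if any."""
    magic = read_magic(cab_path)
    if magic == MICROSOFT_CAB_MAGIC:
        return {"format": "microsoft-cab", "header": None}
    if magic != INSTALLSHIELD_MAGIC:
        return {"format": "unknown", "header": None}
    # Assumption: the header sits beside the cabinet with the same base name
    # (data1.cab -> data1.hdr); file names are compared case-insensitively.
    folder = os.path.dirname(os.path.abspath(cab_path))
    wanted = os.path.splitext(os.path.basename(cab_path))[0].lower() + ".hdr"
    for name in sorted(os.listdir(folder)):
        candidate = os.path.join(folder, name)
        if name.lower() == wanted and read_magic(candidate) == INSTALLSHIELD_MAGIC:
            return {"format": "installshield", "header": candidate}
    return {"format": "installshield", "header": None}


if __name__ == "__main__":
    # Constructed sample files: a lone InstallShield-style cabinet, then its header.
    with tempfile.TemporaryDirectory() as work:
        cab = os.path.join(work, "data1.cab")
        with open(cab, "wb") as fh:
            fh.write(INSTALLSHIELD_MAGIC + b"\x00" * 16)
        print(triage_cab(cab))  # header is None: ask for the .hdr first
        with open(os.path.join(work, "DATA1.HDR"), "wb") as fh:
            fh.write(INSTALLSHIELD_MAGIC + b"\x00" * 16)
        print(triage_cab(cab))  # header path is reported
```
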

June 27, 2008, 04:43:09 pm
Reply #3

tjs

regmon, filemon & virtual machine. :)

TJS

June 28, 2008, 02:01:22 am
Reply #4

sowhat-x

...very quick'n'dirty look at the installer above,
didn't ever bother extracting all files from there...well, what's this?
It seemed to me like it is a perfectly legitimate COMMERCIAL application,
called "Kingsoft Internet Security 2007", resellers of Kaspersky in China or something...
http://www.kingsoftresearch.com/k9/index.html
====================================
Ok, let's get a bit serious around, and straighten up the situation here...
in plain English, no lame requests from here on: do your research/homework first, then request...
Got a problem decoding an obfuscated js script via Malzilla?
Feel free to ask around, assuming you couldn't come up with a solution...
Got troubles detecting a packer/manually unpacking a malware exe via Olly scripts etc?
Feel free to ask around, assuming you've read a few relevant rce tutorials first...
Per occasion, it's perfectly reasonable for anyone
to encounter difficulties carrying out such tasks...

But...asking for tools, direct links to malware, direct samples etc...
obviously, this has to take place under a logical basis,
i.e. you first search/experiment for yourself. Plain and easy as that.
Need direct links to rogue installers and other kinds of setup files?
Well, that is...vm, malzilla, notepad, and flashget/wget.
Need to unpack InstallShield archives?
Simply googling for "InstallShield unpacking" will give you ALL the answers you want...
believe me, there are numerous reversers out there that have already messed with it,
for a variety of more-or-less obvious reasons, lmao...
Need that zlob sample that altered routers' config?
Well, haven't we been posting numerous variants of that crap during previous month?

You know what they say: DIY
http://en.wikipedia.org/wiki/DIY
And search -> search -> search more -> search again...
I mean, what the heck...are you bored of doing the above?
Especially nowadays, there aren't that many excuses...
because pretty much most stuff has been somehow documented,
sources released and the like...not exactly what has been the case in the past.
Furthermore, there are TONS of free as in beer tools out there to get the job done,
and equally tons of sources/tutorials/blogs/forums to google, read and learn from...
These are just the basic steps before doing anything further:
no matter how much knowledge/experience someone might have or not,
he/she always takes the steps above, one way or another...
as tjs summarized it above -> the concept almost always starts like...this:
regmon, filemon & virtual machine.   :D

PS: Removed the Rapidshare link reference above to the Kingsoft AV product,
trial / freeware or whatever this older version of it was...
They have an official site, and anyone can get/evaluate latest version from there...