hxxp://ww.mtwor.com/ms1.exe
MD5 Hash - E50EE7BB625302DAACA03ECFE07930A7
FSG 2 used on this one,multiple naming conventions from AV companies,
but the most common among them was "Delf.crp" or so...
hxxp://ww.mtwor.com/ms1/data.exe
MD5 Hash - 7245CE2FB66DC572B8AD2B2AA0695554
PEiD doesn't detect the packer used internally (yet).
EP Section name is ".bedrock" though,and it certainly isn't some sign-faker:
I can assure you this is Bambam speaking here...
VirusTotal's engine reports too many different names to be listed here.
It also (incorrectly) flags the packer as "NPack".
Topic: ms1.exe and data.exe (Read 8247 times)
