FSG packed file

Summary: This program is packed using a packer program associated with numerous other malware.

Removal (automatic action): Based on the settings of your F-Secure security product, it will either move the file to quarantine, where it cannot spread or cause harm, or remove it. If you suspect a file is incorrectly detected (a false positive), first check that your F-Secure security program is using the latest detection database updates, then try scanning the file again. After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

Since these functions (LoadLibraryA and GetProcAddress) are often called in packed malware and there are few other legible strings, this malware looks like it may be packed. When we run the executable through PEiD, it reports the executable as packed with FSG 1.

Practical Malware Analysis has not yet covered how to unpack FSG 1. A little googling indicates that some manual steps will be necessary; the process is not as straightforward as running an unpack command, as it is with UPX. I may attempt some of these manual processes at some point in the future, but I am going to leave that alone for now, since the book has not covered it. Because the only imports that can be viewed are LoadLibraryA and GetProcAddress, a good idea of the functionality cannot be gleaned at this point.
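A small triage script, added here as an example (it is not part of the original post, the book, or any F-Secure tooling), that codifies the two observations above: an import list reduced to LoadLibraryA and GetProcAddress, and a body with few legible strings. It also measures byte entropy, which the post does not use; the `KNOWN_APIS` list, the `triage` function and both byte samples are constructed assumptions.

```python
import hashlib
import math
import re
from collections import Counter

# FSG and most other packer stubs leave only this loader pair in the visible import table.
LOADER_ONLY_IMPORTS = {"LoadLibraryA", "GetProcAddress"}

# Assumed, illustrative API names that an unpacked binary's strings would normally reveal.
KNOWN_APIS = {"CreateFileA", "WriteFile", "CreateProcessA", "RegSetValueExA",
              "InternetOpenA", "WinExec", "LoadLibraryA", "GetProcAddress"}

def ascii_strings(data: bytes, min_len: int = 4) -> list:
    """Mimic `strings`: runs of at least min_len printable ASCII bytes."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: code/text sits well below 7, packed data approaches 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(data: bytes) -> dict:
    """Likely packed: only the loader pair is recognisable and the body is high-entropy."""
    strs = ascii_strings(data)
    apis = {s for s in strs if s in KNOWN_APIS}
    entropy = shannon_entropy(data)
    return {
        "string_count": len(strs),
        "api_names": sorted(apis),
        "entropy": round(entropy, 2),
        "likely_packed": bool(apis) and apis <= LOADER_ONLY_IMPORTS and entropy > 7.0,
    }

def _filler(n: int, seed: bytes = b"fsg-demo") -> bytes:
    """Deterministic high-entropy bytes: a constructed stand-in for a packed section."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])

# Constructed samples (not real binaries): FSG-packed-like vs. a normal unpacked binary.
PACKED_SAMPLE = b"KERNEL32.dll\0LoadLibraryA\0GetProcAddress\0" + _filler(4096)
PLAIN_SAMPLE = (b"KERNEL32.dll\0CreateFileA\0WriteFile\0CreateProcessA\0"
                b"ADVAPI32.dll\0RegSetValueExA\0C:\\Windows\\System32\\example.dll\0"
                b"http://example.invalid/update\0") * 8
```

On a real file, pass each PE section's raw bytes to `triage` separately rather than the whole image, since headers and resources dilute the entropy of the packed code section.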

Because no legible strings can be found that would point toward host- or network-based indicators, it is not possible to identify any good indicators for this malware at this point. This concludes the analysis of the third malware sample of Lab 1 from the Practical Malware Analysis book.


