
A way of seeing through extension spoofers?


6 replies to this topic

#1 Random Bob


Posted 17 February 2013 - 12:35 AM

I recently learnt about extension spoofers. They are dangerous tools.

 

Is there software that 1) sees through extension spoofers and, say, shows the correct extension, or 2) shows all the exes in a particular folder?

 

I think some search software may be able to do the 2nd one since software can see through extension spoofers unless they use the last words of the file name like humans. I'm saying this because I heard that torrent sites can see through extension spoofers except if exes are named ".scr".




 


#2 Didier Stevens


Posted 17 February 2013 - 01:39 PM

Are you comfortable using command line tools?


Edited by Didier Stevens, 17 February 2013 - 01:40 PM.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 Random Bob


Posted 17 February 2013 - 10:45 PM

> Are you comfortable using command line tools?

I'm not very good with the command line, but in case there is no GUI alternative, go ahead and suggest the command line tools. I prefer a GUI, though.



#4 Didier Stevens


Posted 20 February 2013 - 06:06 AM

Are you familiar with Microsoft Sysinternals' tools? Sigcheck will check the digital signature of executables. If you use option -e, it will report all binary executables, regardless of their extension.




#5 DarkSnake-Kobra


Posted 20 February 2013 - 06:57 PM

You can try a hex editor.

 

To the right you can see the two lines that say "This program can not be run in DOS mode". The file appears to be a JPG, but it's actually an executable I quickly wrote in C.

Attached Files

  • Attached File  exe.PNG   90.96KB   7 downloads

Edited by DarkSnake-Kobra, 20 February 2013 - 07:02 PM.
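
Added example, not part of any poster's reply and not Sigcheck's own code: the by-eye hex editor check from post #5, automated over a folder in the same content-based spirit as the Sigcheck option in post #4. It reads each file's header instead of trusting its name; the file names and sample bytes are constructed for illustration, and the extension list is an assumption.

```python
import os
import struct
import tempfile

# Extensions Windows runs as native code; a PE image under any other extension is suspicious.
EXEC_EXTS = {".exe", ".dll", ".scr", ".sys", ".com", ".cpl", ".ocx"}

def is_pe(path):
    """True if the file starts with 'MZ' and e_lfanew points at a 'PE\\0\\0' signature."""
    with open(path, "rb") as f:
        dos = f.read(64)                      # IMAGE_DOS_HEADER is 64 bytes
        if len(dos) < 64 or dos[:2] != b"MZ":
            return False
        (e_lfanew,) = struct.unpack_from("<I", dos, 0x3C)
        f.seek(e_lfanew)                      # past EOF just yields an empty read
        return f.read(4) == b"PE\0\0"

def find_disguised(folder):
    """Return sorted names of PE files in folder whose extension is not an executable one."""
    hits = []
    for name in os.listdir(folder):
        path = os.path.join(folder, name)
        if not os.path.isfile(path):
            continue
        ext = os.path.splitext(name)[1].lower()
        if is_pe(path) and ext not in EXEC_EXTS:
            hits.append(name)
    return sorted(hits)

def make_samples(folder):
    """Write constructed sample files: PE-shaped stubs, a JPEG-shaped stub, an 'MZ'-only file."""
    pe = bytearray(0x84)
    pe[:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0x80)    # e_lfanew -> offset 0x80
    pe[0x80:0x84] = b"PE\0\0"
    jpg = b"\xff\xd8\xff\xe0" + b"\0" * 64    # JPEG SOI/APP0 marker, no real image data
    samples = (("holiday.jpg", pe), ("setup.exe", pe),
               ("photo.jpg", jpg), ("mz_only.txt", b"MZ" + b"\0" * 62))
    for name, data in samples:
        with open(os.path.join(folder, name), "wb") as f:
            f.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        make_samples(d)
        print(find_disguised(d))              # only holiday.jpg is a PE under a non-exe name
```

Checking the `PE\0\0` signature at `e_lfanew`, not just the leading `MZ`, keeps text files that merely begin with those two letters from being reported.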


#6 Random Bob


Posted 24 February 2013 - 04:38 AM

> Are you familiar with Microsoft Sysinternals' tools? Sigcheck will check the digital signature of executables. If you use option -e, it will report all binary executables, regardless of their extension.

I don't know about it. I have a few questions.

 

1) Where can I download it?

2) How big is the file?

3) Does it have an option for listing executables in a particular folder?



#7 Didier Stevens


Posted 24 February 2013 - 05:49 AM

1) http://technet.microsoft.com/en-us/sysinternals/bb897441.aspx

2) 120 KB

3) Yes






