I am trying to decompress a file and I am running into this:
When I check the signature of the file it is this:
Code:
signature: 68 01 80 71 01 E8 01 00 00 00 C3 C3 40 C9 F3 50
My signature log shows this:
ASProtect 1.33 - 2.1 Registered -> Alexey Solodovnikov
signature=68 01 ?? ?? ?? E8 01 00 00 00 C3 C3
Before I start the decompression I check the memory and find this:
Code:
00400000 00001000 aspmon PE header Imag R RWE
00401000 00221000 aspmon code Imag R RWE
00622000 00009000 aspmon data Imag R RWE
0062B000 00011000 aspmon Imag R RWE
0063C000 00005000 aspmon Imag R RWE
00641000 00001000 aspmon exports Imag R RWE
00642000 00001000 aspmon Imag R RWE
00643000 00001000 aspmon Imag R RWE
00644000 00024000 aspmon Imag R RWE
00668000 000B0000 aspmon .rsrc resources Imag R RWE
00718000 0002E000 aspmon .upx imports,relo Imag R RWE
00746000 00001000 aspmon .adata Imag R RWE
So my question is this:
Has anyone seen this before?
My signature is saying it is compressed with ASProtect but when I check the memory it is showing upx. Are both correct? I have tried to decompress this using my methods for ASProtect and UPX but neither seems to work. Any information would be helpful.
int21h