Closed hasherezade closed 5 years ago
c80ac369737d8215d45de0602b5de844d20795269a5751af00c29d8795edafa2 - Notepad.exe packed with AsPack 2.12 (from "Unpacking with Anthracene 02 - AsPack 2.12")
All sections of the file are set as NOT executable in the header: the protection is changed dynamically to executable. Mistakenly, PE-sieve do not scan them, because it treats them as non-executable.
After the bugfix modifications are detected:
Test case
c80ac369737d8215d45de0602b5de844d20795269a5751af00c29d8795edafa2 - Notepad.exe packed with AsPack 2.12 (from "Unpacking with Anthracene 02 - AsPack 2.12")
Problem
All sections of the file are set as NOT executable in the header: the protection is changed dynamically to executable. Mistakenly, PE-sieve do not scan them, because it treats them as non-executable.