Detecting CD-COPS String in CDCOPS.DLL #70

New Issue

Closed

opened 2026-01-29 21:05:38 +00:00 by claunia · 2 comments

claunia commented 2026-01-29 21:05:38 +00:00

Owner

Copy Link

Originally created by @Flashfire42 on GitHub (Mar 9, 2022).

In 2 of the 3 samples I have been able to examine so far of the CDCOPS.DLL this string is at the same offset every time in the third sample it is off by 1 but the string is still there. The files are all NEEXE according to virustotal which may make things more difficult to parse. If I get further info on the dll I will update this issue. They are also reportably all 16bit windows applications

Originally created by @Flashfire42 on GitHub (Mar 9, 2022).  In 2 of the 3 samples I have been able to examine so far of the CDCOPS.DLL this string is at the same offset every time in the third sample it is off by 1 but the string is still there. The files are all NEEXE according to virustotal which may make things more difficult to parse. If I get further info on the dll I will update this issue. They are also reportably all 16bit windows applications

claunia closed this issue 2026-01-29 21:05:39 +00:00

claunia commented 2026-01-29 21:05:39 +00:00

Author

Owner

Copy Link

@mnadareski commented on GitHub (Jul 11, 2022):

If you can provide samples, this would be helpful. Otherwise, check latest to see if it's taken care of already.

@mnadareski commented on GitHub (Jul 11, 2022): If you can provide samples, this would be helpful. Otherwise, check latest to see if it's taken care of already.

claunia commented 2026-01-29 21:05:40 +00:00

Author

Owner

Copy Link

@TheRogueArchivist commented on GitHub (Dec 14, 2022):

I can confirm that this check is now present and functional.

@TheRogueArchivist commented on GitHub (Dec 14, 2022): I can confirm that this check is now present and functional.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

rolling

3.5.0

3.4.6

3.4.5

3.4.4

3.4.3

3.4.2

3.4.1

3.4.0

3.3.4

3.3.3

3.3.2

3.3.1

3.3.0

3.2.3

3.2.2

3.2.1

3.2.0

3.1.16

3.1.15

3.1.14

3.1.13

3.1.12

3.1.11

3.1.10

3.1.9

3.1.8

3.1.7

3.1.6

3.1.5

3.1.4

3.1.3

3.1.2

3.1.1

3.1.0

3.0.2

3.0.1

3.0.0

2.9.0

2.8.0

2.7.0

2.6.0

2.5.0

2.3.4

2.3.3

2.3.2

2.3.1

2.3.0

2.1.0

2.0.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.1

1.5.0

1.4.1

1.4.0

1.03.9.1

1.03.9

1.03.8.2

1.03.8.1

1.03.8.0

1.03.7.1

1.03.5

1.03.7

1.03.6

Labels

Clear labels

bug

enhancement

help wanted

pull-request

Mirrored from GitHub Pull Request

question

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

claunia

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: SabreTools/BinaryObjectScanner#70