[Packer] Ghost Installer Module #89

Closed
opened 2026-01-29 21:05:49 +00:00 by claunia · 1 comment

Originally created by @Flashfire42 on GitHub (Mar 15, 2022).

14:22:09 | E:\WinAlchemy_setup.exe | Ghost Installer Module | UPX 1.20
VirusTotal Link
https://www.virustotal.com/gui/file/b2fc4cffe5131195baf419e96c9fa68c3f23208986fb14e3c5b458b1e7d6af89/details
MD5: 52d47fc833391151eb99136d98558901
SHA-1: 16ff676c6ce14b0868ad5474cfa5b69445d469f2
SHA-256: b2fc4cffe5131195baf419e96c9fa68c3f23208986fb14e3c5b458b1e7d6af89


@mnadareski commented on GitHub (Sep 8, 2025):

Sample is compressed with UPX

Decompressed resource:

```
            Item level: 5 (0x00000005)
            Integer ID: 0 (0x00000000)
              Base types: 5, DLG_PRESETUP, 0
              Entry level: 6 (0x00000006)
              Data RVA: 264088 (0x00040798)
              Size: 240 (0x000000F0)
              Codepage: 0 (0x00000000)
              Reserved: 0 (0x00000000)
              Version: 1 (0x0001)
              Signature: 65535 (0xFFFF)
              Help ID: 0 (0x00000000)
              Extended style: WS_EX_LEFT (0x00000000)
              Style: CCS_NODIVIDER, DS_SETFOREGROUND, DS_CENTER, WS_CAPTION (0x00C00A40)
              Item count: 2 (0x0002)
              X-coordinate of upper-left corner: 0 (0x0000)
              Y-coordinate of upper-left corner: 0 (0x0000)
              Width of the dialog box: 262 (0x0106)
              Height of the dialog box: 34 (0x0022)
              Menu resource: [NULL]
              Menu resource ordinal: 0 (0x0000)
              Class resource: [NULL]
              Class resource ordinal: 0 (0x0000)
              Title resource: Ghost Installer initializing...
              Point size: 8 (0x0008)
              Weight: 400 (0x0190)
              Italic: 0 (0x00)
              Character set: 1 (0x01)
              Typeface: MS Sans Serif
```

End of overlay data:

```
47 49 50 45 4E 44    GIPEND
```
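
The two indicators in the comment above, expressed as a check. This is an added example, not BinaryObjectScanner's code or part of the thread: it parses a `DLGTEMPLATEEX` from an already UPX-decompressed resource and tests the file tail for `GIPEND`. The function names, the constructed sample bytes, and the choice to require both indicators together are assumptions; style bit `0x40` in a dialog template is `DS_SETFONT`, which is why font fields follow the title.

```python
import struct

DS_SETFONT = 0x40                      # font fields are present only with this style bit
TRAILER = b"GIPEND"                    # last overlay bytes quoted in the comment
TITLE = "Ghost Installer initializing..."
HEADER = "<HHIIIHhhhh"                 # ver, sig, helpID, exStyle, style, count, x, y, cx, cy

def _wstr(buf, off):
    """Read a NUL-terminated UTF-16LE string; return (text, next_offset)."""
    end = off
    while buf[end:end + 2] not in (b"\x00\x00", b""):
        end += 2
    return buf[off:end].decode("utf-16-le"), end + 2

def _sz_or_ord(buf, off):
    """Menu/class field: 0xFFFF introduces an ordinal, anything else is a string."""
    if buf[off:off + 2] == b"\xff\xff":
        return struct.unpack_from("<H", buf, off + 2)[0], off + 4
    return _wstr(buf, off)             # "" when the field is a lone 0x0000

def parse_dlgtemplateex(buf):
    """Parse the header, strings and font block of an extended dialog template."""
    ver, sig, _help, _ex, style, count, x, y, cx, cy = struct.unpack_from(HEADER, buf, 0)
    if (ver, sig) != (1, 0xFFFF):
        raise ValueError("not a DLGTEMPLATEEX (version 1, signature 0xFFFF)")
    off = struct.calcsize(HEADER)
    menu, off = _sz_or_ord(buf, off)
    cls, off = _sz_or_ord(buf, off)
    title, off = _wstr(buf, off)
    out = {"style": style, "items": count, "size": (cx, cy), "title": title}
    if style & DS_SETFONT:
        out["pointsize"], out["weight"], _ital, _cs = struct.unpack_from("<HHBB", buf, off)
        out["typeface"], off = _wstr(buf, off + 6)
    return out

def looks_like_ghost_installer(dialog_bytes, file_tail):
    """True when both indicators from the comment are present (pairing is an assumption)."""
    try:
        title = parse_dlgtemplateex(dialog_bytes)["title"]
    except (ValueError, struct.error):
        return False
    return title == TITLE and file_tail.endswith(TRAILER)

def build_sample():
    """Constructed template using the field values from the dump; not bytes from the sample."""
    w = lambda s: s.encode("utf-16-le") + b"\x00\x00"
    head = struct.pack(HEADER, 1, 0xFFFF, 0, 0, 0x00C00A40, 2, 0, 0, 262, 34)
    return head + b"\x00\x00" * 2 + w(TITLE) + struct.pack("<HHBB", 8, 400, 0, 1) + w("MS Sans Serif")
```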

Reference: SabreTools/BinaryObjectScanner#89