0

enter image description here

I have been analyzing a Kazy (derp) Ramdo variant that is relatively recent and was surprised to see an access violation in resource hacker when trying to view an embedded bitmap. Is this common or potentially something more sinister? Is the next best course of action to run reshack in a debugger and watch what happens?

UPDATE

I manually saved the potentially offending bitmap in question by right clicking and pressing 'save'. I will analyze the bitmap independently.

perror
  • 19,083
  • 29
  • 87
  • 150
Fred Concklin
  • 233
  • 1
  • 6
  • 3
    There are various "mistakes" you can make when creating resources that cause different resource editors to crash. This can be done on purpose, see for example this question. Why your special variant of Kazy does this is probably answerable by noone but the creator. – Guntram Blohm Feb 17 '15 at 12:26
  • 1
    Cool, a zero day in Resource Hacker! You should better use another tool that was last updated at some more recent date than 2011. – joxeankoret Feb 17 '15 at 12:52
  • What would you suggest? CFFExplorer? – Fred Concklin Feb 17 '15 at 14:10
  • 1
    I know is of no help, but I typically use my own pure Python tools based on Python https://code.google.com/p/pefile/ in order to avoid such problems... – joxeankoret Feb 17 '15 at 16:17
  • @FredConcklin can you share the sample? || hash? Thanks – k0ng0 Feb 18 '15 at 15:07

0 Answers0