hmmm ... anyone tried unpacking bagle.z ?
i believe its packed with upx (atleast so it looks
from the UPX1 string in it ...) but it seems the file
is "corrupted" ... symantec says it adds some random
on the end of it, so the crc is not valid.
i wonder if there is a way to know from what point on
there is that random data, and if there is a way of
coding a program that would load up PE file, and check
if it has shit in it.
one way would be to substract byte by byte from the end
and compare each time to the crc written in header ...
but i wonder if you know of any better ways to do this