For coursework, I have to analyse a piece of malware.
It is a .EXE Win32 Cabinet Self-Extractor file (that's how Windows sees it; it actually starts with 4D 5A 00 03 hex). When run, it extracts all the files into a newly created folder and runs the malware (batch/VBS files), which at the end deletes the folder with the malware files.
I was wondering how it is possible to extract the files without executing the malware. I used ProcDump32 but it gives me: "Process is not 32bits or can't be loaded or is already finished !".
Somehow, I managed to get ProcDump32 stuck and had the folder for a few seconds, and copied it before it "disappeared", so I got the files, but I'm not sure I gathered all of them and I would like to do it in a proper way.
So I'm looking for an application which can extract the content of a Win32 Cab Self-Extractor file without executing the output files and, if possible, give the list of extracted files.
You can also use /? on the self-extractor file; it should show /X:path or /T:path /C to extract the content (according to Microsoft KB 262841 and 197147).
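
A static way to get the file list the question asks for, as an added example that is not part of the original posts: it scans the self-extractor's bytes for the embedded cabinet (MSCF signature), reads the cabinet's file directory, and can carve the cabinet out for a normal archive tool, all without running anything. The function names and the input built by build_sample() are constructed for illustration.

```python
import struct

CFHEADER = struct.Struct("<4sIIIIIBBHHHHH")  # 36-byte fixed cabinet header
CFFILE = struct.Struct("<IIHHHH")            # 16 bytes, then NUL-terminated name

def find_cabinets(data):
    """Yield (offset, cab_size, files_offset, file_count) per embedded cabinet."""
    pos = data.find(b"MSCF")
    while pos != -1:
        if pos + CFHEADER.size <= len(data):
            (_, r1, cb_cab, r2, coff_files, r3, vmin, vmaj,
             _, n_files, *_) = CFHEADER.unpack_from(data, pos)
            # Reserved fields are zero and the format version is 1.3; this
            # rejects chance "MSCF" byte runs elsewhere in the PE stub.
            if ((r1, r2, r3) == (0, 0, 0) and (vmaj, vmin) == (1, 3)
                    and coff_files < cb_cab <= len(data) - pos):
                yield pos, cb_cab, coff_files, n_files
        pos = data.find(b"MSCF", pos + 1)

def list_cab_files(data):
    """Return [(name, uncompressed_size)] from every embedded cabinet."""
    found = []
    for start, cb_cab, coff_files, n_files in find_cabinets(data):
        off, end = start + coff_files, start + cb_cab
        for _ in range(n_files):
            if off + CFFILE.size > end:
                break  # truncated directory: stop instead of reading past it
            size, _, _, _, _, attribs = CFFILE.unpack_from(data, off)
            nul = data.find(b"\0", off + CFFILE.size, end)
            if nul == -1:
                break
            raw = data[off + CFFILE.size:nul]
            # Attribute bit 0x80 marks a UTF-8 name; otherwise a legacy codepage.
            name = raw.decode("utf-8" if attribs & 0x80 else "latin-1", "replace")
            found.append((name, size))
            off = nul + 1
    return found

def carve_cabinets(data):
    """Return the raw bytes of each embedded cabinet (save as .cab to unpack)."""
    return [data[s:s + cb] for s, cb, _, _ in find_cabinets(data)]

def build_sample():
    """Constructed input: fake 'MZ' stub plus a cabinet directory with no data."""
    files = b"".join(CFFILE.pack(size, 0, 0, 0, 0, 0x20) + name + b"\0"
                     for name, size in ((b"run.bat", 10), (b"payload.vbs", 20)))
    folder = struct.pack("<IHH", 0, 0, 0)  # one empty CFFOLDER entry
    total = CFHEADER.size + len(folder) + len(files)
    header = CFHEADER.pack(b"MSCF", 0, total, 0,
                           CFHEADER.size + len(folder), 0, 3, 1, 1, 2, 0, 0, 0)
    return b"MZ" + b"\0" * 62 + header + folder + files
```

To use it on a real sample, pass the file's bytes (read with open(path, "rb").read()) to list_cab_files(), and write each result of carve_cabinets() to a .cab file for unpacking inside the analysis VM.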