[SOLVED] How do you extract a malicious entity from an affected file or app without harming the file or app?

itrip

Reputable
Feb 4, 2019
Yeah, so I've seen my share of affected files or apps, but how do you really separate the maliciousness from the file or app that you could otherwise just delete, but would rather keep and use if it wasn't affected anymore?

There has to be some way to do this so people can examine the malicious part of an affected exe or whatever, for example, and then discard only that part.
 

USAFRet

Titan
Moderator
Mar 16, 2013
Yeah, so I've seen my share of affected files or apps, but how do you really separate the maliciousness from the file or app that you could otherwise just delete, but would rather keep and use if it wasn't affected anymore?

There has to be some way to do this so people can examine the malicious part of an affected exe or whatever, for example, and then discard only that part.
No.
This would be like taking an already baked cake, and removing only the egg.

Delete and obtain a clean one.

You could flail about with a hex editor, but 'removing' the malicious part would probably kill the whole thing.
Decompiling an exe is non-trivial.

If you were a researcher in this field, getting paid to do this...go for it. But you almost certainly can't return this exe to its original condition.
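An added illustration of the two points in the reply above (not code from the thread or its posters): an infection that patches the header, the code and the file's tail leaves changes scattered across the image, so there is no single block to cut out, and the only sound check on the replacement is comparing its hash against a reference from a trusted source. The byte strings are constructed stand-ins, not a real executable.

```python
import hashlib
import hmac
from typing import List, Tuple

# Constructed sample: a toy "clean" program image and a modified copy.
# Layout: magic(2) | pad(14) | header(14) | "CODE:"(5) | 32 nops | "DATA:"(5) | 16 zero bytes
CLEAN = bytearray(
    b"MZ" + b"\x00" * 14 + b"HEADER:EP=0100" + b"CODE:" + b"\x90" * 32
    + b"DATA:" + b"\x00" * 16
)
SUSPECT = bytearray(CLEAN)
SUSPECT[16:30] = b"HEADER:EP=0200"         # header field altered (constructed)
SUSPECT[35:40] = b"\xe9\x00\x01\x00\x00"   # bytes overwritten inside the code (constructed)
SUSPECT += b"PAYLOAD" + b"\xcc" * 8        # extra bytes appended at the end (constructed)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def matches_reference(data: bytes, expected_sha256: str) -> bool:
    """True only if the file hashes to the value published by a trusted source.
    This is the check to run on the freshly obtained clean copy."""
    return hmac.compare_digest(sha256_hex(data), expected_sha256.lower())


def diff_regions(clean: bytes, suspect: bytes) -> List[Tuple[int, int]]:
    """Return (offset, length) for every byte range where suspect differs
    from clean; bytes beyond the clean file's end count as one final region."""
    regions: List[Tuple[int, int]] = []
    start = None
    n = max(len(clean), len(suspect))
    for i in range(n):
        same = i < len(clean) and i < len(suspect) and clean[i] == suspect[i]
        if not same and start is None:
            start = i
        elif same and start is not None:
            regions.append((start, i - start))
            start = None
    if start is not None:
        regions.append((start, n - start))
    return regions


if __name__ == "__main__":
    # Three separate regions: header, mid-code, appended tail.
    for off, length in diff_regions(bytes(CLEAN), bytes(SUSPECT)):
        print(f"modified: offset {off:#06x}, {length} bytes")
    print("suspect matches clean hash:",
          matches_reference(bytes(SUSPECT), sha256_hex(bytes(CLEAN))))
```

Even with every differing region listed, restoring the original would need the clean bytes for each region, which is exactly what a clean copy already provides.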
 
