Which file types are actually executed during extraction by Universal Extractor?

Submitted by jbreland on Sun, 07/01/2007 - 14:49

Rochas (not verified)

Sun, 07/15/2007 - 20:22

Hello,

Thx for this information ! I have a question...When the new version of Universal Extractor ?

jbreland

Tue, 07/17/2007 - 01:13

In reply to by Rochas (not verified)

When it's done. :-) I'm hoping to release a beta version in the near future, and then of course the final version will be released sometime after that. I've been posting status updates every now and then on the MSFN UniExtract forum, if you're interested.

--
http://www.legroom.net/

JST posted a good question a while back in the Universal Extractor forum. He wanted to know if any executable files (such as installers) were actually run during the extraction process. For the vast majority of files, UniExtract will "rip" the contents out of the file using a extraction/decompression utility. For example, Inno Setup installers are handled by innounp, self-extracting Zip files are handled by 7-Zip or Info-ZIP, etc. However, there also cases where some files simply must be executed in order to extract the contents.

JST was concerned about this because he sometimes uses Universal Extractor to investigate malicious files. Obviously you want to be very careful when examining malicious files, so his concern was well justified. He asked for a list of file types that UniExtract will actually execute when extracting. It took me a while to get around to documented this, but I've finally done so. You can read the full list in this forum thread:

Are any files executed during extraction?

This is good information to know, especially if you ever work with suspicious files. I'm probably going to add this information to the main UniExtract page as well, and will look into possibly adding a warning message to UniExtract itself before executing any untrusted files.