.Okay, I am trying to dissect what appears to be some kind of IRC based bot that infected a friends computer. There is one file that is really bugging me though. I know from the filename that it is probably part of an FTP server, but it has been packed with something - I have tried numerous ways of figuring out the packer, but keep getting inconsistent results. So far I have had it detect as 'PseduoSigner', 'MEW', 'Neolite' & 'tElock'. I tried to examin it using StudPE, but just attempting to open it causes StudPE to crash. I was leaning towards the 'tElock' verdict, until I got poking @ it in OllyDbg (it behaves weirdly). If anyone could determine what this DLL is packed with (or provide guidance as to how to unpack it), I'd appreciatet it. (BTW, the original file from the FTP product isn't packed, and is of the size 2019328 bytes). Here is the DLL: http://www.uploading.com/files/YFVDBJPL/pkdDLL.7z.html
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}