.Does anyone know the packer associated with an entry point like this one? It's shown up in a few families of current malware:
.text:004012C5 start proc near
.text:004012C5
.text:004012C5 var_14 = dword ptr -14h
.text:004012C5
.text:004012C5 push ebp
.text:004012C6 mov ebp, esp
.text:004012C8 push 0FFFFFFFFh
.text:004012CA push 0
.text:004012CF push 0
.text:004012D4 mov eax, large fs:0
.text:004012DA push eax
.text:004012DB mov large fs:0, esp
.text:004012E2 push 0EB527209h
.text:004012E7 push ebx
.text:004012E8 push 2BEF53D4h
.text:004012ED push 2B0AD23h
.text:004012F2 call nullsub_1
.text:004012F7 push 0ACCEB026h
.text:004012FC call sub_401248
.text:00401301 push ecx
.text:00401302 call sub_401273
.text:00401307 push 90D3094Dh
.text:0040130C push 95601A48h
.text:00401311 push eax
.text:00401312 push edx
.text:00401313 call sub_40123B
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}