Full Disclosure mailing list archives

Re: [Full-Disclosure] RE: [Full-disclosure]Not into Refuting tall-tales and stories abo ut the Mydoom worms

From: jan.muenther () nruns com
Date: Sat, 31 Jan 2004 00:47:14 +0100

the possibility?  There is plenty of unanalyzed code and looking at the
dissassembled code there are fingerprints of a tsr and forth in my opinion,


Plenty, eh? After de-UPX-ization, this thing is about 56k. 
TSR in Windows? 
And where do you see the Forth traces? 
Looks a heck of a lot more like VC++ to me.

Were the int
calls
examined for suspicious behavior?


Int calls, eh? You're aware that this is a PE binary?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

[Full-Disclosure] RE: [Full-disclosure]Not into Refuting tall-tales and stories abo ut the Mydoom worms Clairmont, Jan (Jan 30)
- [Full-Disclosure] RE: [Full-disclosure]Not into Refuting tall-tales and stories abo ut the Mydoom worms Joe Stewart (Jan 30)
- Re: [Full-Disclosure] RE: [Full-disclosure]Not into Refuting tall-tales and stories abo ut the Mydoom worms jan . muenther (Jan 30)