Full Disclosure mailing list archives
Re: [Full-Disclosure] RE: [Full-disclosure]Not into Refuting tall-tales and stories about the Mydoom worms
From: jan.muenther () nruns com
Date: Sat, 31 Jan 2004 00:47:14 +0100
> the possibility? There is plenty of unanalyzed code and looking at the disassembled code there are fingerprints of a tsr and forth in my opinion,
Plenty, eh? After de-UPX-ization, this thing is about 56k. TSR in Windows? And where do you see the Forth traces? Looks a heck of a lot more like VC++ to me.
> Were the int calls examined for suspicious behavior?
Int calls, eh? You're aware that this is a PE binary?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html