Full Disclosure mailing list archives
Re: MyDoom download info.
From: jan.muenther () nruns com
Date: Sat, 31 Jan 2004 12:46:33 +0100
It's still UPX packed, but it won't unpack with "UPX -d" because the author used a simple UPX scrambler. Either undo what he did or unpack it manually and you'll see all the code.
It actually un-UPX-ed just fine for me. What version have you been trying? It disassembled nicely after that. The only other obfuscation (apart from quite a bit of wild jmp'ing around) is the rot13'ed strings, which isn't, erm, too challenging. Anything else? I've only looked quickly at it during a train ride. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- MyDoom download info. Feher Tamas (Jan 31)
- <Possible follow-ups>
- RE: MyDoom download info. first last (Jan 31)
- Re: MyDoom download info. jan . muenther (Jan 31)
- Re: MyDoom download info. first last (Jan 31)
- Re: MyDoom download info. jan . muenther (Jan 31)
- Re[2]: MyDoom download info. Papp Geza (Jan 31)