Full Disclosure mailing list archives
RE: Malicious Code Analysis
From: "Peter Kruse" <kruse () krusesecurity dk>
Date: Fri, 5 Aug 2005 09:59:41 +0200
Hi Mike,

I was just wondering if you have submitted these lastad samples to any antivirus vendors? Although this malware is already identified by several vendors, some don't detect any of these "lastad" variants posted on your website. A good way to ensure that samples get added for detection, and to help others, would be submitting samples to your preferred av-vendor.

Also you should not use a hex editor to determine the format of a binary, since headers are easily modified. Use disassemblers/debuggers like olly, softice or IDA.

As goes for M4ch3T3 Hax: You should start here:

Introduction to Reverse Engineering Software
http://www.acm.uiuc.edu/sigmil/RevEng/

The Reverse Engineering Team
http://www.reteam.org/

Also looking for malware samples is simply searching google.

Regards
Peter Kruse
-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of mike king
Sent: 5. august 2005 02:40
To: full-disclosure () lists grok org uk; m4ch3t3 () gmail com
Subject: Re: [Full-disclosure] Malicious Code Analysis

Here you go; I got this malware from a friend's machine that had been infected. This was about 2 months ago or thereabouts. Use a hex editor to give you what it was packed with and then just go from there. Good luck and have fun.

download it from here http://209.200.126.28/sample.zip
"unzip" "rename the rar_ to .rar" "unrar".

If anyone is wondering yes antivirus picks it up so don't worry.

On Thu, 04 Aug 2005 15:19:14 -0700 M4ch3T3 Hax <m4ch3t3 () gmail com> wrote:

Hello all,

I have recently graduated from a computers & networking course at university and have spent a lot of my time analysing network security from a scanning/sniffing/hardening point of view. I'm now becoming very interested in learning more about malicious code analysis in a virtual machine environment. I have read documentation and set up the environment and tools etc.. However I have no malicious code to look at! does anyone know of a way to get hold of some?

Also, if anyone can recommend any further reading or sites etc. It would be very much appreciated!

Cheers!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
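As an added illustration of Peter's point about header bytes (example code written for this page, not code from any poster in the thread): a small PE section-table triage in Python. Section names such as UPX0/UPX1 are just header bytes that a packer, or anyone with a hex editor, can rewrite, so the script also reports per-section entropy and sections that are mapped but carry no raw data, which reflect the actual contents rather than the labels. The PE image it examines is constructed inline and is not a real program; the UPX section names are the ones that packer normally emits and serve only as a sample layout.

```python
import math
import struct
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 means compressed or encrypted content, ~0 means padding."""
    counts, n = Counter(data), len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values()) if n else 0.0

def parse_sections(pe: bytes) -> list:
    """Walk the PE section table; return name, raw/virtual sizes and entropy per section."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size          # section table follows the optional header
    sections = []
    for i in range(nsec):
        off = table + 40 * i                  # IMAGE_SECTION_HEADER is 40 bytes
        name = pe[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, _vaddr, rsize, rptr = struct.unpack_from("<IIII", pe, off + 8)
        ent = shannon_entropy(pe[rptr:rptr + rsize])
        sections.append({"name": name, "raw": rsize, "virt": vsize, "entropy": round(ent, 2)})
    return sections

def triage(pe: bytes, threshold: float = 7.0) -> list:
    """Packing indicators that hold even when a packer rewrites names and header fields."""
    flags = []
    for s in parse_sections(pe):
        if s["entropy"] >= threshold:
            flags.append(f"{s['name']}: high entropy {s['entropy']} (compressed/encrypted data)")
        if s["raw"] == 0 and s["virt"] > 0:
            flags.append(f"{s['name']}: no raw data but {s['virt']:#x} bytes virtual (unpack target)")
    return flags

def build_sample(sections) -> bytes:
    # Constructed minimal PE image, not a runnable program: only the fields parse_sections reads are set.
    opt_size, nsec = 224, len(sections)
    ptr = 0x40 + 4 + 20 + opt_size + 40 * nsec            # first byte after the headers
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)     # e_lfanew at offset 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)  # PE32 magic, rest zeroed
    table, blobs = b"", b""
    for name, data, vsize in sections:
        table += name.ljust(8, b"\0") + struct.pack("<IIII", vsize, 0x1000, len(data), ptr if data else 0) + b"\0" * 16
        blobs, ptr = blobs + data, ptr + len(data)
    return dos + b"PE\0\0" + coff + opt + table + blobs

# Constructed sample laid out like a UPX-packed file: an empty UPX0 unpack target and a dense UPX1 payload.
SAMPLE = build_sample([(b".text", b"\x90" * 256, 256), (b"UPX0", b"", 0x10000), (b"UPX1", bytes(range(256)) * 4, 1024)])
```

Running `triage(SAMPLE)` reports UPX0 as an empty mapped region and UPX1 as 8.0 bits/byte, while the low-entropy .text stub raises nothing; renaming the sections would change none of that.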
Current thread:
- Malicious Code Analysis M4ch3T3 Hax (Aug 04)
- Re: Malicious Code Analysis Dunceor . (Aug 05)
- Re: Malicious Code Analysis Ty Bodell (Aug 05)
- Re: Malicious Code Analysis Willem Koenings (Aug 05)
- <Possible follow-ups>
- Re: Malicious Code Analysis mike king (Aug 04)
- RE: Malicious Code Analysis Peter Kruse (Aug 05)
- RE: Malicious Code Analysis mike king (Aug 05)
- RE: Malicious Code Analysis Peter Kruse (Aug 05)
- RE: Malicious Code Analysis mike king (Aug 05)
- Re: Malicious Code Analysis Willem Koenings (Aug 05)