Penetration Testing mailing list archives
Re: [PEN-TEST] Suspect .EXE Trojan
From: Andrew Lawton <ALawton () INFOSYSINC COM>
Date: Fri, 15 Dec 2000 12:13:00 -0500
If you do this, one thing to keep in mind is to try different values of the -n flag on strings. As I recall, tribal-flood used 3 character command strings. The default of 4 would miss this, obviously. 'drew -----Original Message----- From: Ben Ford [mailto:bford () TALONTECH COM] Sent: Thursday, December 14, 2000 7:46 PM To: PEN-TEST () SECURITYFOCUS COM Subject: Re: [PEN-TEST] Suspect .EXE Trojan If you have access to a Linux or other unix type box, the easiest way is to run 'strings' on the file. That will give you all the text information contained within it and would tell you any registry keys modified or files accessed etc. Good luck. -b "Ruso, Anthony" wrote:
Hi, I have a suspect executable that I think may be a Trojan. A search on the .exe doesn't return any result with any virus vendor. Are there any tools that would allow me to execute the file in isolation and actually see
what's
going on. The file was already executed on two workstations and it killed Outlook in both cases. I know I can use tripwire and similar products to
see
what files it makes changes to but I don't want to risk killing outlook again. Thanks Anthony Ruso
Current thread:
- Re: [PEN-TEST] Raw Disk Mounter, (continued)
- Re: [PEN-TEST] Raw Disk Mounter Jonathan Johnson (Dec 16)
- Re: [PEN-TEST] Raw Disk Mounter c0ncept (Dec 16)
- Re: [PEN-TEST] Suspect .EXE Trojan Mark Curphey (Dec 16)
- Re: [PEN-TEST] Suspect .EXE Trojan Yonatan Bokovza (Dec 15)
- Re: [PEN-TEST] Suspect .EXE Trojan Eaton, Arthur (Dec 15)
- Re: [PEN-TEST] Suspect .EXE Trojan Ben Ford (Dec 15)
- Re: [PEN-TEST] Suspect .EXE Trojan Nexus (Dec 16)
- Re: [PEN-TEST] Suspect .EXE Trojan Pierre Vandevenne (Dec 16)
- Re: [PEN-TEST] Suspect .EXE Trojan MadHat (Dec 16)
- Re: [PEN-TEST] Suspect .EXE Trojan Nexus (Dec 16)
- Re: [PEN-TEST] Suspect .EXE Trojan Frank Knobbe (Dec 16)
- Re: [PEN-TEST] Suspect .EXE Trojan Andrew Lawton (Dec 16)
- Re: [PEN-TEST] Suspect .EXE Trojan Bob Dog (Dec 16)
- Re: [PEN-TEST] Suspect .EXE Trojan Tomi Tuominen (Dec 19)
- Re: [PEN-TEST] Suspect .EXE Trojan Jensen, Greg (Dec 17)
- Re: [PEN-TEST] Suspect .EXE Trojan Marty Richards (Dec 18)