Penetration Testing mailing list archives
Re: [PEN-TEST] exe to txt mobile code conversion
From: Tom Vandepoel <tom.vandepoel () UBIZEN COM>
Date: Fri, 23 Mar 2001 09:56:19 +0100
Complx1 * wrote:
some time ago, (maybe months) someone posted about a tool which converted executeables to plain text, and easily back to executeable again by just saving the txt as a *.com does anyone know the name of this tool or where it can be found? (it was an NT application). any help much appreciated.
A lot of trojans use Lehigh Coder, some old DOS tool, ie. GodMessage uses it. Actually, it bootstraps first, using a minimal machine code implementation to put LCODER.EXE on the system (actually it writes a file called SHORT.SRC, which it assembles into SHORT.COM), then it uses LCODER to unpack the actual trojan. I spent some time adapting that to encapsulate something like NC.EXE and let that phone home, but I never found the time to finish it. You can probably find it somewhere on the web. If you can't, you can probably find GodMessage on packetstorm and get it out of there. Ofcourse, you never now if the LCODER.EXE itself wasn't modified in some evil way ;-) Tom. -- Tom Vandepoel Ubizen Sr. Security Engineer We Secure e-Business Phone +32 16 28 70 00 http://www.ubizen.com Fax +32 16 28 71 00 http://www.securitywatch.com
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- [PEN-TEST] exe to txt mobile code conversion Complx1 * (Mar 22)
- Re: [PEN-TEST] exe to txt mobile code conversion Ryan Permeh (Mar 22)
- Re: [PEN-TEST] exe to txt mobile code conversion Tom Vandepoel (Mar 23)
- Re: [PEN-TEST] exe to txt mobile code conversion Rick Redman (Mar 23)
- Re: [PEN-TEST] exe to txt mobile code conversion Matt W. (Mar 23)
- <Possible follow-ups>
- Re: [PEN-TEST] exe to txt mobile code conversion ashton thomas (Mar 23)
- Re: [PEN-TEST] exe to txt mobile code conversion ian . vitek (Mar 23)