Full Disclosure mailing list archives

Re: Unpacking Sasser

From: IndianZ <indianz () indianz ch>
Date: Sun, 2 May 2004 13:40:18 +0200

Can you pls send me a copy for analysis?
Thanx...

GreetZ from IndianZ

mailto:indianz () indianz ch
http://www.indianz.ch





On Sunday 02 May 2004 10.37, Tom K wrote:

Stupidly I was infected with Sasser last night and whilst trying to
identify the program I found that the code was packed and I could find no
way of idenifying the packer from the EXE (avserve.exe produced no relevant
hits on Google). Could anyone tell me what unpacker to use to analyse the
code? And how was this determined?

Cheers in Advance.

Tom

P.S: If anyone would like a copy of the file to look at, feel free to ask.

P.S.S: This is my first post, go easy. ;)

_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar  get it now!
http://toolbar.msn.com/go/onm00200415ave/direct/01/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Unpacking Sasser Tom K (May 02)
- Re: Unpacking Sasser IndianZ (May 02)
  - Re: Unpacking Sasser Byron Copeland (May 02)
- Re: Unpacking Sasser Andrew Ruef (May 02)
  - Re: Unpacking Sasser - (May 02)
    - Re: Unpacking Sasser Lee (May 02)
    - Re: Unpacking Sasser Nick FitzGerald (May 02)
    - Re: Unpacking Sasser Lee (May 03)
    - Determinig VMWare environment (was: Unpacking Sasser) Spiro Trikaliotis (May 03)
    - Re: Determinig VMWare environment (was: Unpacking Sasser) Lee (May 03)
    - Re: Unpacking Sasser Gary E. Miller (May 03)
    - Catching Sasser Shashank Rai (May 04)

(Thread continues...)