Re: Unpacking Sasser

["Lee" <cheekypeople () sec33 com>]

As a side note I use Vmware workstation and GSX server edition to create
enviroments that can be trashed and re-used at will, just wanted to add
another secure way of testing malware etc...

Regards

Lee @ STS
http://www.seethrusec.co.uk
Building Knowledge and Security..
----- Original Message ----- 
From: "-" <dsx_news () web de>
To: <full-disclosure () lists netsys com>
Sent: Sunday, May 02, 2004 6:47 PM
Subject: Re: [Full-disclosure] Unpacking Sasser


> I would like a copy fom Sasser, too.
>
> Thanks a lot....
>
> Greets fom Germany...
>
>
> > > Stupidly I was infected with Sasser last night and whilst trying to
identify
> > > the program I found that the code was packed and I could find no way of
> > > idenifying the packer from the EXE (avserve.exe produced no relevant
hits on
> > > Google). Could anyone tell me what unpacker to use to analyse the code?
And
> > > how was this determined?
> > >
> > > Cheers in Advance.
> > >
> > > Tom
> > >
> > > P.S: If anyone would like a copy of the file to look at, feel free to
ask.
> > > P.S.S: This is my first post, go easy. ;)
> > >
> > > _________________________________________________________________
> > > FREE pop-up blocking with the new MSN Toolbar  get it now!
> > > http://toolbar.msn.com/go/onm00200415ave/direct/01/
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html