Penetration Testing mailing list archives

Re: [PEN-TEST] Suspect .EXE Trojan


From: Frank Knobbe <FKnobbe () KNOBBEITS COM>
Date: Thu, 14 Dec 2000 20:17:10 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

-----Original Message-----
From: Ben Ford [mailto:bford () TALONTECH COM]
Sent: Thursday, December 14, 2000 6:46 PM

If you have access to a Linux or other unix type box, the easiest way
is to run 'strings' on the file.  That will give you all the text
information contained within it and would tell you any registry keys
modified or files accessed etc.


strings is also available from Sysinternals.com for Win32. It lists
ASCII and Unicode strings.

Regards,
Frank

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1
Comment: PGP or S/MIME encrypted email preferred.

iQA/AwUBOjl/JkRKym0LjhFcEQJHegCgxuQ/tm0BqUUWg4VSF/rOInBwXc8AoKGt
ETZLBwnyZeJf3bId6HVxEjVH
=CUXT
-----END PGP SIGNATURE-----
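
What the two messages describe, as an added example that is not part of the original posts: a minimal Python equivalent of `strings` that extracts both ASCII and UTF-16LE ("Unicode") runs from a binary and picks out the ones that look like registry keys or file names. The sample bytes, the indicator patterns and the function names are constructed for illustration.

```python
import re

MIN_LEN = 4
# Printable ASCII run, and the same characters stored as UTF-16LE (char + NUL byte).
ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)

# Hypothetical first-pass indicators: registry paths and Windows file paths/names.
INDICATORS = {
    "registry": re.compile(r"(?i)\b(HKEY_[A-Z_]+|HKLM|HKCU|Software\\Microsoft\\Windows)"),
    "file": re.compile(r"(?i)([a-z]:\\|%[a-z]+%\\|\.(exe|dll|bat|ini|vbs)\b)"),
}

# Constructed sample: a few header-like bytes, one ASCII string,
# one UTF-16LE string and one more ASCII string, separated by binary noise.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00\x01\x02\xff\xfe"
    + "C:\\WINDOWS\\SYSTEM\\example.exe".encode("utf-16-le")
    + b"\x00\x00\x7f\x80kernel32.dll\x00"
)

def extract_strings(data: bytes):
    """Return (offset, encoding, text) for every ASCII and UTF-16LE string."""
    found = [(m.start(), "ascii", m.group().decode("ascii")) for m in ASCII_RE.finditer(data)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16-le")) for m in UTF16_RE.finditer(data)]
    return sorted(found)

def triage(strings):
    """Group extracted strings by the kind of indicator they look like."""
    hits = {name: [] for name in INDICATORS}
    for _offset, _enc, text in strings:
        for name, pattern in INDICATORS.items():
            if pattern.search(text):
                hits[name].append(text)
    return hits

if __name__ == "__main__":
    for offset, enc, text in extract_strings(SAMPLE):
        print(f"{offset:#06x} {enc:8} {text}")
    print(triage(extract_strings(SAMPLE)))
```

Packed or encrypted executables expose few readable strings, so an empty result does not mean the file is clean. Treat the output as leads for further analysis, not as a record of what the program does.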

