Penetration Testing mailing list archives

Re: [PEN-TEST] Suspect .EXE Trojan


From: MadHat <madhat () UNSPECIFIC COM>
Date: Fri, 15 Dec 2000 12:55:51 -0800

There are also the Cygwin tools, which have a fairly large number of Unix
tools ported to Win32.  Works quite well...
Yes, it is hosted by Red Hat.

http://sources.redhat.com/cygwin

At 08:30 AM 12/15/2000 +0000, you wrote:
Hi folks,

Not just for *NIX users ;-)
http://www.foundstone.com/resources/tools.html for BinHex3, or
http://www.sysinternals.com/misc.htm for strings.

Regards,
            JJ


----- Original Message -----
From: "Ben Ford" <bford () TALONTECH COM>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Friday, December 15, 2000 12:46 AM
Subject: Re: Suspect .EXE Trojan


> If you have access to a Linux or other unix type box, the easiest way is to run
> 'strings' on the file.  That will give you all the text information contained
> within it and would tell you any registry keys modified or files accessed etc.
[snip]


--
MadHat at unspecific.com
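
Added example (not part of the original thread, and not code from any poster): a minimal Python take on the 'strings' approach discussed above. It goes beyond a plain ASCII scan by also pulling UTF-16LE text, which Win32 binaries commonly use, and buckets the hits into registry keys and file references. The regex patterns, function names and sample bytes are assumptions constructed for illustration.

```python
import re

MIN_LEN = 4  # same default minimum run length as the Unix strings tool

# Runs of printable ASCII, and the same characters stored as UTF-16LE
# (each followed by a NUL byte), which is how Win32 "W" APIs take text.
ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)

# Hypothetical triage patterns: registry paths, and file names or paths.
REG_RE = re.compile(r"^(HKEY_|HKLM\\|HKCU\\|SOFTWARE\\|SYSTEM\\)", re.I)
FILE_RE = re.compile(r"([A-Za-z]:\\|%\w+%\\|\.(exe|dll|sys|bat|ini|vbs)$)", re.I)


def extract_strings(data: bytes):
    """Return (offset, encoding, text) for every printable run in data."""
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ASCII_RE.finditer(data)]
    found += [(m.start(), "utf-16le", m.group().decode("utf-16-le"))
              for m in UTF16_RE.finditer(data)]
    return sorted(found)


def triage(data: bytes):
    """Bucket extracted strings into registry keys and file references."""
    report = {"registry": [], "files": []}
    for _offset, _enc, text in extract_strings(data):
        if REG_RE.search(text):
            report["registry"].append(text)
        elif FILE_RE.search(text):
            report["files"].append(text)
    return report


# Constructed sample, not a real binary: a stub header, one ASCII registry
# path, one UTF-16LE file path, and non-printable filler in between.
SAMPLE = (b"MZ\x90\x00\x03\x00\x00\x00"
          b"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\x00\xff\xfe\x01"
          + "C:\\WINDOWS\\SYSTEM\\example.exe".encode("utf-16-le")
          + b"\x00\x00\x8b\xec\x01")

if __name__ == "__main__":
    for kind, items in triage(SAMPLE).items():
        for item in items:
            print(f"{kind}: {item}")
```

Strings found this way only show what is stored in plain form; packed or encoded executables will yield little, so an empty report is not evidence that a file is clean.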

