lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20040130234714.GA975@ergo.nruns.com> From: jan.muenther at nruns.com (jan.muenther@...ns.com) Subject: RE: Not into Refuting tall-tales and stories abo ut the Mydoom worms > the possibility? There is plenty of unanalyzed code and looking at the > dissassembled code there are fingerprints of a tsr and forth in my opinion, Plenty, eh? After de-UPX-ization, this thing is about 56k. TSR in Windows? And where do you see the Forth traces? Looks a heck of a lot more like VC++ to me. > Were the int > calls > examined for suspicious behavior? Int calls, eh? You're aware that this is a PE binary?
Powered by blists - more mailing lists