lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.58.0405021244200.3081@catbert.rellim.com> From: gem at rellim.com (Gary E. Miller) Subject: Unpacking of malware, like Sasser -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Yo Dennis! On Sun, 2 May 2004, Dennis Rand wrote: > There has not been so much talk as i could find on discovering how to > unpack a malware program like sasser and other viruses and worms, The old ways still work no matter the file packer. Load the virus up in your favorite debugger Run the program just until it is finished unpacking itself. Save the memory image as a core file. Run you favorite reverse-assembler in the core file. Depending on the skill level of you, the virus writer snd the packer writer this could be a snap or a real PITA. RGDS GARY - --------------------------------------------------------------------------- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 gem@...lim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFAlVDf8KZibdeR3qURAifhAKCDFZ/4x6ahOu9AajRDxnYEYLqfywCeN/KS 64y8Cgwz4/nJ3jjzuYsvHeI= =LeIY -----END PGP SIGNATURE-----
Powered by blists - more mailing lists