To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
Gadi Evron wrote:
> M45T3R S4D0W8 wrote:
<snip>
>> There are various utilities for making it impossible to unpack a UPXed
>> EXE.
> Nothing is impossible.

Not trying to be annoying... it just is.

The mere fact that the rp5.exe binary actually runs in a Windows system means that *it* manages to uncompress itself, and that somewhere in RAM on that system there is an uncompressed version being executed. Ergo, it is perfectly possible to uncompress it. ;)

I just need to perfect how to find that uncompressed and running binary somewhere in memory. So far my practice runs using various utilities - the latest one being OllyDbg - have only uncovered the compressed binary. Bah, I'm missing some Sacred Knowledge methinks.

The quicker and dirtier way of course is to snoop on the network traffic which is being generated by the running malware, but in my opinion additional detail could be gained from direct examination of the code.

Regards.

_______________________________________________
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
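A check that bears on the practice runs described above: as an added example (not from this thread, nor from UPX or OllyDbg), the Python below parses a PE section table and reports the traits of an image that is still UPX-compressed (UPX0/UPX1 section names, a section that is empty on disk but large in memory, a section at nearly 8 bits of entropy per byte), so a dumped image can be told apart from a genuinely unpacked one. The two PE fixtures are constructed inline for the demonstration and are not real samples.

```python
import math
import struct

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ~8.0 is compressed/encrypted, plain x86 code is usually 5 to 6.5."""
    n = len(data) or 1
    return 0.0 - sum(data.count(b) / n * math.log2(data.count(b) / n) for b in set(data))

def parse_sections(pe: bytes) -> list:
    """Walk the PE section table: MZ header -> e_lfanew -> COFF header -> 40-byte entries."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        name, vsize, _vaddr, rsize, rptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        raw = pe[rptr:rptr + rsize]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"), "virtual_size": vsize,
                         "raw_size": rsize, "entropy": round(shannon_entropy(raw), 2)})
    return sections

def upx_indicators(pe: bytes) -> dict:
    """Report the traits a UPX-packed image shows on disk (or in a dump taken too early)."""
    secs = parse_sections(pe)
    upx_names = [s["name"] for s in secs if s["name"].startswith("UPX")]
    # UPX0 is empty on disk but large in memory: the stub decompresses the real code into it.
    hollow = [s["name"] for s in secs if s["raw_size"] == 0 and s["virtual_size"] > 0]
    dense = [s["name"] for s in secs if s["raw_size"] > 0 and s["entropy"] > 7.0]
    return {"sections": secs, "upx_names": upx_names, "hollow_sections": hollow,
            "high_entropy_sections": dense, "likely_packed": bool(upx_names) or (bool(hollow) and bool(dense))}

def build_pe(sections) -> bytes:
    """Constructed fixture: enough PE structure for parse_sections, not a loadable binary."""
    hdr = bytearray(b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40))  # e_lfanew = 0x40
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)  # empty optional header
    table, body, ptr = b"", b"", len(hdr) + 40 * len(sections)
    for name, vsize, raw in sections:
        table += struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000, len(raw), ptr if raw else 0, 0, 0, 0, 0, 0)
        body, ptr = body + raw, ptr + len(raw)
    return bytes(hdr) + table + body

# Constructed samples: a UPX-style layout, and a plain linker layout holding low-entropy code bytes.
SAMPLE_PACKED = build_pe([(b"UPX0", 0x10000, b""), (b"UPX1", 0x8000, bytes(range(256)) * 4)])
SAMPLE_PLAIN = build_pe([(b".text", 0x1000, b"\x55\x8b\xec" * 100), (b".data", 0x1000, b"\0" * 64)])
```

Against a memory dump, judge by entropy rather than by names: the section headers persist after the stub has run, but a UPX0 region that the stub has filled reads as ordinary code rather than as compressed data.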
