UPX should leave the unpacked binary in memory. If you can afford to run it (say, in a vmware'd sandbox which you can easily revert to pre-run state), then merely executing it under OllyDbg, and then using the OllyDump plugin to dump the contents of memory after the process exits should give you some useful data - not necessarily an executable which will run, but at least enough strings for analysis.
On Fri, Mar 17, 2006 at 09:30:48AM +0000, Tron babbled thus:
> I just need to perfect how to find that uncompressed and running binary
> somewhere in memory. So far my practise runs using various utilities -
> the latest one being OllyDbg - have only uncovered the compressed
> binary. Bah, I'm missing some Sacred Knowledge methinks.

-- 
PinkFreud
Chief of Security, Nightstar IRC network
irc.nightstar.net | www.nightstar.net
Server Administrator - Blargh.CA.US.Nightstar.Net
Unsolicited advertisements sent to this address are NOT welcome.

_______________________________________________
To report a botnet PRIVATELY please email: [EMAIL PROTECTED]
All list and server information are public and available to law enforcement upon request.
http://www.whitestar.linuxbox.org/mailman/listinfo/botnets
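The triage step that follows a dump, as an added example that is not part of the original post or of OllyDbg/OllyDump: once you have dumped the process (with OllyDump or anything else), the question Tron is stuck on is whether what you hold is still the UPX-wrapped file or the real program. The script below checks the three things that answer it: UPX0/UPX1 section names (present only while the UPX stub still wraps the data), byte entropy, and how many printable strings fall out. Everything in it is constructed for the example: zlib stands in for UPX's real compressor, the PE images are header-only skeletons that parse but cannot run, and the hostname, URL and IRC strings are made up.

```python
"""Added example (not from the list post): tell a packed PE image from an unpacked dump.

Sample data is constructed; zlib stands in for UPX's compressor and the PE
images are header-only skeletons that parse but cannot execute.
"""
import math
import re
import struct
import zlib
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 for empty input; compressed/encrypted data sits near 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def extract_strings(data: bytes, min_len: int = 6) -> list:
    """ASCII and UTF-16LE printable runs of at least min_len characters."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in wide_re.finditer(data)]
    return found


def pe_sections(pe: bytes) -> list:
    """Return [(name, raw_bytes)] from a PE image's section table."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size             # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", pe, table + 40 * i)
        name = name.rstrip(b"\0").decode("ascii", "replace")
        sections.append((name, pe[raw_ptr:raw_ptr + raw_size]))
    return sections


def triage(pe: bytes, min_len: int = 6) -> dict:
    """Summarise whether an image still looks packed or is worth string-mining."""
    sections = pe_sections(pe)
    body = b"".join(data for _, data in sections)
    strings = extract_strings(body, min_len)
    upx = [name for name, _ in sections if name.startswith("UPX")]
    ent = shannon_entropy(body)
    # Section names are the cheap tell but are trivially renamed by a packer;
    # high entropy plus almost no strings is the fallback signal.
    return {
        "upx_sections": upx,
        "entropy": round(ent, 2),
        "strings": strings,
        "looks_packed": bool(upx) or (ent > 7.0 and len(strings) < 3),
    }


def build_pe(sections: list) -> bytes:
    """Constructed PE32 skeleton with the given [(name, data)] sections (test data only)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)    # e_lfanew: PE signature at offset 64
    opt_size = 0xE0                          # PE32 optional header, left zeroed
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    raw_ptr = 64 + 4 + 20 + opt_size + 40 * len(sections)
    headers, bodies, va = b"", b"", 0x1000
    for name, data in sections:
        headers += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"),
                               max(len(data), 0x1000), va, len(data),
                               raw_ptr + len(bodies), 0, 0, 0, 0, 0x60000020)
        bodies += data
        va += 0x1000 * max(1, (len(data) + 0xFFF) // 0x1000)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt_size) + headers + bodies


# Constructed "bot" body: x86 filler around the strings an analyst hopes to find.
UNPACKED_BODY = (b"\x55\x8b\xec" * 40
                 + b"NICK %s\r\n\0USER bot 0 0 :bot\r\n\0JOIN #constructed-channel\0"
                 + b"PRIVMSG\0irc.example.invalid\0http://example.invalid/update.exe\0"
                 + b"\x90\xc3" * 64)
UNPACKED_PE = build_pe([(b".text", UNPACKED_BODY), (b".data", b"\0" * 64)])
# UPX layout: UPX0 is virtual-only (raw size 0), UPX1 holds the compressed image.
PACKED_PE = build_pe([(b"UPX0", b""), (b"UPX1", zlib.compress(UNPACKED_BODY, 9))])

if __name__ == "__main__":
    for label, image in (("on-disk (packed)", PACKED_PE), ("dump (unpacked)", UNPACKED_PE)):
        r = triage(image)
        print(f"{label}: sections={r['upx_sections'] or 'no UPX names'} "
              f"entropy={r['entropy']} strings={len(r['strings'])} "
              f"looks_packed={r['looks_packed']}")
        for s in r["strings"][:5]:
            print("   ", s)
```

Run it as-is to see the packed skeleton report UPX0/UPX1, high entropy and no strings, and the "dump" report the IRC commands and URL. On a real dump the same checks apply to whatever OllyDump wrote out; if the dump still shows UPX section names and near-8 entropy, the process was stopped before the stub finished decompressing (or a different region was dumped), which is exactly the "only uncovered the compressed binary" outcome. Section names are not a reliable tell on their own, since a packer can be told to rename them, which is why the entropy and string count are kept as the fallback.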
