> the possibility? There is plenty of unanalyzed code and looking at the
> disassembled code there are fingerprints of a tsr and forth in my opinion,
Plenty, eh? After de-UPX-ization, this thing is about 56k. TSR in Windows? And where do you see the Forth traces? Looks a heck of a lot more like VC++ to me.

> Were the int calls examined for suspicious behavior?

Int calls, eh? You're aware that this is a PE binary?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
