"Tiago Halm" <[EMAIL PROTECTED]> wrote:

<<snip>>
> Size: 74142 bytes
>
> Executed strings (ANSI and UNICODE) on it, but could not find anything
> relevant.

Because it is compressed -- at runtime a stub routine decompresses the
bulk of the .EXE file into memory, fixes things up and then starts
"normal" execution of the program...

> Also ran DUMPBIN /ALL and saw only the following imports:
>
> Section contains the following imports:
>
> KERNEL32.DLL
<<snip>>
> MSVBVM60.DLL
<<snip>>
> Does anyone recognize something with this?

From the above and earlier clues, it sounds like it should be Sober.C
(or perhaps a similar, new Sober variant?).  Does a reliable, up-to-date
virus scanner detect it?

> If someone needs the attachment, I'll send it zipped by email.

If it is not detected by major virus scanners, send a sample to their
developers.  No-one else "needs" it...

--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
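Added example (not part of the original message, and not code from either poster): a small model of why a strings pass over a runtime-compressed file finds nothing relevant, while the same pass over the decompressed image does. zlib stands in for the packer's compression, which the thread does not identify; the marker strings, the "STUB" prefix and all function names are constructed for illustration.

```python
import math
import re
import zlib

# Constructed marker strings standing in for whatever the real body holds.
MARKERS = ["ExampleMutexName", "mail.example.test", "WideExampleString"]

def build_body():
    """Constructed program body: ASCII records plus one UTF-16LE string."""
    recs = [("%s #%05d" % (m, (i * 7919) % 100003)).encode() + b"\x00"
            for i in range(150) for m in MARKERS[:2]]
    return b"".join(recs) + MARKERS[2].encode("utf-16-le")

def strings(data, min_len=6):
    """Printable ASCII and UTF-16LE runs, like the ANSI/UNICODE pass quoted above."""
    ascii_runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    wide_runs = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    return ([r.decode("ascii") for r in ascii_runs]
            + [r.decode("utf-16-le") for r in wide_runs])

def entropy(data):
    """Shannon entropy in bits per byte; values near 8 suggest compression."""
    n = len(data)
    return -sum(c / n * math.log2(c / n)
                for c in (data.count(b) for b in set(data)))

def pack(body):
    """On-disk form: a short visible stub followed by the compressed body."""
    return b"STUB" + zlib.compress(body, 9)

def unpack(packed):
    """What the stub does at runtime: inflate the body back into memory."""
    return zlib.decompress(packed[4:])

def visible_markers(data):
    """Markers that a strings pass over `data` would reveal."""
    found = strings(data)
    return [m for m in MARKERS if any(m in s for s in found)]

if __name__ == "__main__":
    body = build_body()
    on_disk = pack(body)
    for label, blob in (("on disk", on_disk), ("in memory", unpack(on_disk))):
        print("%-9s size=%5d entropy=%.2f markers=%s"
              % (label, len(blob), entropy(blob), visible_markers(blob)))
```
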
