[Full-Disclosure] Depacting Sasser
From: Aaron Gray (angray_at_beeb.net)
Date: 08/08/04
- Previous message: Aaron Gray: "Re: [Full-Disclosure] Re: Anyone know IBM's security address? + Google Hack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <full-disclosure@lists.netsys.com> Date: Sun, 8 Aug 2004 18:26:39 +0100
Hi,
Looking for some help. I have sucessfull depacted Blaster, that was easy, just UPX decompaction. On my way to disassembling it.
I Depacted Gaobot using unpack32 a number of times to, deyoda it, then DePEComapct it must be older codec JCALC1 algorithm.
But cannot depact/decrypt Sasser I know it is compacted with PECompact, probably it newer algorithm FFCE codec.
I can grab a memory image of it but would really like a tool to depack/decrypt it.
So is there anything that will reverse code the newer PECompacts algorithm ?
Hope you can help,
Aaron
Sorry I do not normally trade virii, they are generally availiable on the web given a bit of searching.
I would trade for a depacted Sasser however.
I am purly studying the things for study only.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: Aaron Gray: "Re: [Full-Disclosure] Re: Anyone know IBM's security address? + Google Hack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
