About this bindfile.exe? No problems...

From: Sami Sihvonen (ss@janiika.com)
Date: 06/27/02


From: Sami Sihvonen <ss@janiika.com>
Date: Thu, 27 Jun 2002 13:08:38 +0300

I got that bindfile.exe from one friendly hacker and I tested it.
You should not be worried about it. But do check how your system
got it. Below is a screen capture of me testing it; you will find info
about it there. Ask if you need anything more.

---cut-here---
root@mail (root)$ ls -l bindfile.exe
-rw------- 1 bofh lusers 146108 Jun 26 18:48 bindfile.exe
root@mail (root)$ cat bindfile.exe |strings
This program must be run under Win32
UPX0
UPX1
.rsrc
$Info: This file is packed with the UPX executable packer
http://upx.tsx.org
$Id: UPX 1.07 Copyright (C) 1996-2001 the UPX Team. All Rights
Reserved.
UPX!
root@mail (root)$ rar t bindfile.exe

RAR 3.00 beta 7 Copyright (c) 1993-2002 Eugene Roshal 28 Apr 2002
Licensed to Janiika Networks Corporation Type RAR -? for help

Testing archive bindfile.exe

Testing bindfile OK
Testing bindfile\BindFile.exe OK
Testing bindfile\readme.txt OK
All OK
root@mail (root)$ rar x -r bindfile.exe

RAR 3.00 beta 7 Copyright (c) 1993-2002 Eugene Roshal 28 Apr 2002
Licensed to Janiika Networks Corporation Type RAR -? for help

Extracting from bindfile.exe

Creating bindfile OK
Extracting bindfile\BindFile.exe OK
Extracting bindfile\readme.txt OK
All OK
root@mail (root)$ chdir bindfile
root@mail (bindfile)$ ls -la
total 124
-rw------- 1 bofh lusers 126520 Apr 21 2000 bindfile.exe
-rw------- 1 bofh lusers 295 May 25 22:43 readme.txt
root@mail (bindfile)$ cat readme.txt |strings
BindFile
1.0 v
BindFile.EXE
4bit
:mincer
Homepage-> http://mincer.top263.net
Email-> mincer@263.net
root@mail (bindfile)$ cat bindfile.exe | strings
!This program cannot be run in DOS mode.
'1Rich
UPX0
UPX1
UPX2
`UPX3
@$Id: UPX 0.72 Copyright (C) 1996-1999 Laszlo Molnar & Markus
Oberhumer $
$Id: NRV 0.61 Copyright (C) 1996-1999 Markus F.X.J. Oberhumer $
$License: NRV for UPX is distributed under special license $
kernel32.dll
LoadLibraryA
GetProcAddress
KERNEL32.dll
USER32.dll
GDI32.dll
comdlg32.dll
WINSPOOL.DRV
ADVAPI32.dll
COMCTL32.dll
root@mail (bindfile)$ ms-dog
You are running multi-user mode. Are you sure (y/N)?y

Microsoft(R) MS-DOS(R) Version 6.20
             (C)Copyright Microsoft Corp 1981-1993.

C:\ROOT\BINDFILE> f-prot bindfile.exe | grep "suspicious"
No viruses or suspicious files/boot sectors were found.
C:\ROOT\BINDFILE> debug bindfile.exe
-u 0
11A9:0000 0E PUSH CS
11A9:0001 1F POP DS
11A9:0002 BA0E00 MOV DX,000E
11A9:0005 B409 MOV AH,09
11A9:0007 CD21 INT 21
11A9:0009 B8014C MOV AX,4C01
11A9:000C CD21 INT 21
11A9:000E 54 PUSH SP
11A9:000F 68 DB 68
11A9:0010 69 DB 69
11A9:0011 7320 JNB 0033
11A9:0013 7072 JO 0087
11A9:0015 6F DB 6F
11A9:0016 67 DB 67
11A9:0017 7261 JB 007A
11A9:0019 6D DB 6D
11A9:001A 206361 AND [BP+DI+61],AH
11A9:001D 6E DB 6E
11A9:001E 6E DB 6E
11A9:001F 6F DB 6F
-t =7f 01
AX=0000 BX=0001 CX=EC38 DX=0000 SP=00B6 BP=0000 SI=0000 DI=0000
DS=1199 ES=1199 SS=11A9 CS=11A9 IP=0082 NV UP EI NG NZ NA PO NC
11A9:0082 2131 AND [BX+DI],SI
DS:0001=FF20
-
---cut-here---
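The session above is a hand-driven static triage: `strings` shows the UPX packer tags, `rar t` reveals that the outer .exe is really a self-extracting RAR archive, and `debug` disassembles the DOS stub whose `MOV DX,000E` / `INT 21` prints the "This program cannot be run in DOS mode." text that sits at offset 0x0E. The following is an added example, not part of the post and not any tool the poster used: a small Python script that performs the same checks on a file without executing it. It builds its own constructed sample (a minimal PE-shaped blob with UPX section names and a RAR signature glued on the end) so it runs offline; the real bindfile.exe is not assumed to be available, and the section-table parsing and stub-offset handling are simplifications written for this example.

```python
import re
import struct

# Common prefix of the RAR 1.5-4.x ("Rar!\x1a\x07\x00") and RAR 5 ("Rar!\x1a\x07\x01\x00") signatures.
RAR_MAGIC = b"Rar!\x1a\x07"


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Rough equivalent of `strings`: runs of printable ASCII at least min_len long."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def pe_offset(data: bytes):
    """Return e_lfanew when the file has an MZ header and a PE signature, else None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    return e_lfanew


def section_names(data: bytes) -> list:
    """Names from the COFF section table; UPX0/UPX1 are the packer's giveaway."""
    off = pe_offset(data)
    if off is None:
        return []
    num_sections = struct.unpack_from("<H", data, off + 6)[0]
    size_opt = struct.unpack_from("<H", data, off + 20)[0]
    table = off + 24 + size_opt
    names = []
    for i in range(num_sections):
        entry = data[table + i * 40: table + i * 40 + 8]
        if len(entry) < 8:
            break
        names.append(entry.rstrip(b"\0").decode("ascii", "replace"))
    return names


def dos_stub_message(data: bytes):
    """The '$'-terminated text the DOS stub prints with INT 21h / AH=09h.

    The standard stub starts PUSH CS; POP DS; MOV DX,imm16 (0E 1F BA xx xx),
    and that immediate is the message offset (0x0E in the debug listing)."""
    off = pe_offset(data)
    if off is None:
        return None
    stub = data[0x40:off]
    end = stub.find(b"$")
    if end < 0:
        return None
    start = 0
    if stub[:3] == b"\x0e\x1f\xba" and len(stub) >= 5:
        start = struct.unpack_from("<H", stub, 3)[0]
    return stub[start:end].decode("ascii", "replace").strip()


def find_rar_signature(data: bytes):
    """(offset, version) of an embedded RAR archive, or None. A RAR signature at a
    non-zero offset inside an MZ file is what a self-extracting archive looks like."""
    off = data.find(RAR_MAGIC)
    if off < 0:
        return None
    tail = data[off + 6:off + 8]
    if tail == b"\x01\x00":
        version = "RAR 5.x"
    elif tail[:1] == b"\x00":
        version = "RAR 1.5-4.x"
    else:
        version = "unknown"
    return off, version


def triage(data: bytes) -> dict:
    """Static summary of one file: format, stub text, sections, packer and SFX hints."""
    names = section_names(data)
    rar = find_rar_signature(data)
    return {
        "is_mz": data[:2] == b"MZ",
        "is_pe": pe_offset(data) is not None,
        "dos_stub_message": dos_stub_message(data),
        "section_names": names,
        "upx_packed": any(n.startswith("UPX") for n in names) or b"UPX!" in data,
        "rar_offset": rar[0] if rar else None,
        "rar_version": rar[1] if rar else None,
        "strings": extract_strings(data),
    }


def build_sample() -> bytes:
    """Constructed test input (not the file from the post): a tiny PE-shaped blob with
    the standard DOS stub, UPX section names and a RAR archive appended."""
    # PUSH CS; POP DS; MOV DX,0Eh; MOV AH,9; INT 21h; MOV AX,4C01h; INT 21h (14 bytes)
    stub_code = bytes.fromhex("0e1fba0e00b409cd21b8014ccd21")
    stub = stub_code + b"This program cannot be run in DOS mode.\r\n$"
    e_lfanew = 0x40 + len(stub)
    dos_header = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)
    names = [b"UPX0", b"UPX1", b".rsrc"]
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0)  # no optional header, for brevity
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in names)
    packer_tag = b"UPX!$Info: This file is packed with the UPX executable packer\0"
    archive = b"Rar!\x1a\x07\x00" + b"\0" * 16  # RAR 1.5-4.x signature plus a dummy header
    return dos_header + stub + b"PE\0\0" + coff + sections + packer_tag + archive


if __name__ == "__main__":
    for key, value in triage(build_sample()).items():
        print(f"{key}: {value}")
```

To run it against a real sample, replace `build_sample()` with `open(path, "rb").read()`; a file that is both UPX-packed and carries a RAR signature after the MZ header is the same combination the session uncovered with `strings` and `rar t`, and the unpacked inner executable should then get the same treatment plus an antivirus scan, as the poster did with f-prot.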