
List:       full-disclosure
Subject:    Re: [Full-Disclosure] RE: [Full-Disclosure]Not into Refuting tall-tales and stories about the Mydoo
From:       jan.muenther () nruns ! com
Date:       2004-01-30 23:47:14
Message-ID: 20040130234714.GA975 () ergo ! nruns ! com

> the possibility?  There is plenty of unanalyzed code and looking at the
> disassembled code there are fingerprints of a tsr and forth in my opinion,

Plenty, eh? After de-UPX-ization, this thing is about 56k. 
TSR in Windows? 
And where do you see the Forth traces? 
Looks a heck of a lot more like VC++ to me. 

> Were the int calls examined for suspicious behavior?

Int calls, eh? You're aware that this is a PE binary?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html