
Re: [Full-Disclosure] MyDoom download info.



> It's still UPX packed, but it won't unpack with "UPX -d" because the author
> used a simple UPX scrambler. Either undo what he did or unpack it manually
> and you'll see all the code.


It actually un-UPX-ed just fine for me. What version have you been trying?

MyDoom.B as posted by someone else on this list. UPX -d doesn't work, so you have to do it manually, which shouldn't be a problem.


It disassembled nicely after that. The only other obfuscation (apart from
quite a bit of wild jmp'ing around) is the rot13'ed strings, which isn't,
erm, too challenging. Anything else?

Anyone with basic assembler knowledge could understand MyDoom and any other virus.




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
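
The ROT13'ed strings mentioned in the thread can be surfaced during static triage of an already-unpacked sample. The following Python is an added example, not code from the original posts or from any participant: it extracts printable runs from a byte blob and reports those that only look meaningful after ROT13 decoding. The hint patterns and the sample bytes are constructed assumptions, not strings taken from MyDoom.

```python
import codecs
import re

MIN_LEN = 5  # shortest printable run to consider, like `strings -n 5`
RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)

# Assumed heuristics (not from the thread): shapes an analyst usually cares about.
HINTS = re.compile(r"(?i)(\.(exe|dll|sys)\b|software\\|https?://|www\.)")


def rot13(text):
    """ROT13 is its own inverse, so decoding and encoding are the same call."""
    return codecs.decode(text, "rot13")


def triage(blob):
    """Return (offset, raw, decoded) for runs that match a hint only after ROT13."""
    hits = []
    for m in RUN.finditer(blob):
        raw = m.group().decode("ascii")
        decoded = rot13(raw)
        # Skip strings that are already readable; flag only the obfuscated ones.
        if HINTS.search(decoded) and not HINTS.search(raw):
            hits.append((m.start(), raw, decoded))
    return hits


def _enc(text):
    """Build constructed sample data by ROT13-encoding a placeholder string."""
    return rot13(text).encode("ascii")


# Constructed sample blob: placeholder strings only, separated by NUL bytes.
SAMPLE = b"\x00".join([
    b"MZ\x90\x00\x03",
    b"kernel32.dll",                              # plain import name, not flagged
    _enc(r"Software\Example\Run"),                # obfuscated registry-style path
    b"\xe9\x10\xff",
    _enc("example-payload.dll"),                  # obfuscated file name
    b"This program cannot be run in DOS mode.",   # plain text, not flagged
])

if __name__ == "__main__":
    for offset, raw, decoded in triage(SAMPLE):
        print(f"0x{offset:04x}  {raw!r} -> {decoded!r}")
```
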