[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Unpacking Sasser

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] Unpacking Sasser
From: "Tom K" <keetch_tw@xxxxxxxxxxx>
Date: Sun, 02 May 2004 08:37:27 +0000

Stupidly I was infected with Sasser last night and whilst trying to identify the program I found that the code was packed and I could find no way of idenifying the packer from the EXE (avserve.exe produced no relevant hits on Google). Could anyone tell me what unpacker to use to analyse the code? And how was this determined?

Cheers in Advance.

Tom

P.S: If anyone would like a copy of the file to look at, feel free to ask.

P.S.S: This is my first post, go easy. ;)

_________________________________________________________________ FREE pop-up blocking with the new MSN Toolbar ? get it now! http://toolbar.msn.com/go/onm00200415ave/direct/01/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Unpacking Sasser
  - From: IndianZ
- Re: [Full-Disclosure] Unpacking Sasser
  - From: Andrew Ruef

Prev by Date: [Full-Disclosure] A rather newbie question
Next by Date: Re: [Full-Disclosure] Innocent newbie question...
Previous by thread: Re: [Full-Disclosure] A rather newbie question
Next by thread: Re: [Full-Disclosure] Unpacking Sasser
Index(es):
- Date
- Thread