Binary Analysis Mode:
(Page 3 of 3)  < Prev  1 2 3 
compressed executable 2006-01-29
lopez_morales yahoo com

I have to analyze a binary file, but it appears to be compressed or encrypted. Does anyone know how to find out which utility it has been compressed with?

Are there programs to know it?

Or some kind of test to do?

Malware Contest - CSRRT-LU 2006-01-24
Alexandre Dulaunoy (adulau uucp foo be)

=== CSRRT-LU Malware Contest ===

Some time ago, we made the [[Honeylux]] contest and it was a very funny
and interesting contest. Now inside various projects at CSRRT-LU, we
are collecting a lot of undefined malware. We would like to give the
ability to all the people that are interested to

New Phishing/Malware focused site 2006-01-21
Lance James (bugtraq securescience net)
Hi all,

I'm putting this out there, but there is a fairly new organization
called (Malicious Activity Awareness & Response) that has
a good blog, and some neat information on their site regarding malware
analysis, and phishing activity.

It's at if anyone is interest

Re: Analysis setups and environments 2006-01-14
keydet89 yahoo com
My setup for binary analysis is probably a little (okay...a lot) different from most folks.

On the static analysis side, I'm using a hex editor (UltraEdit) and Perl. Since this isn't specifically "malware" or "executable" binary analysis, a hex editor is my viewer of choice. I'm creating Perl mod

SF new column announcement: Patching a broken Windows 2006-01-09
Don Parker (dparker bridonsecurity com)
The following interview was published on SecurityFocus today:

Patching a broken Windows
interview by Robert Lemos

Robert Lemos interviews Datarescue's senior software developer Ilfak
Guilfanov, the creator of the unofficial patch for the flaw in the
Windows Meta File format that saw t

SF new article announcement: Windows Rootkits of 2005 Part III 2006-01-05
Don Parker (dparker bridonsecurity com)
The following Infocus technical article was published on SecurityFocus

Windows rootkits of 2005, part three
By James Butler and Sherri Sparks

The third and final article in this series explores five different
rootkit detection techniques used to discover Windows rootkit

Windows CE Address Book 2 2006-01-05
Jose Andre Morales (jam joemango com) (1 replies)
Hi list members, does anyone know how to read/access/copy the contents of the
address book, also called Contacts, on a PocketPC? I'm doing a bit of
research in this area and cannot seem to read the address book
entries. I'm thinking they are in some obscure file that I don't know
the name of or in

RE: Windows CE Address Book 2 2006-01-07
Peter Shoukry (pshoukry gmail com)
Analysis setups and environments 2006-01-04
Mike Tremoulet (coffeemike gmail com)
Happy New Year to everybody. As this list has gone quiet for some
time, hopefully this might spark a bit of discussion.

I'd like to know about the different analysis setups that people are
using to perform binary analysis - separate physical hardware, use of
virtual machines, favorite toolchains a

Re: Malware as a research area 2005-12-27
auto349979 hushmail com
Without going into detail, I used a modified set program slicing
algorithm together with conditioning statements often used in
security validation and program verification proof techniques to
verify the potential existence of a vulnerability in a set of

Malware as a research area 2005-12-27
auto349979 hushmail com
I am currently in a PhD program focusing on information
security/assurance/whatever the buzzword is for it now. I'd like
to focus the research on malware.. not defending against, not how
to stop, not how bad it is, but the actual development and

mwcollect v3.0.1 Release 2005-12-04
Georg Wicherski (georg-wicherski pixel-house net)
The Honeynet Project is proud to announce the release of mwcollect
v3.0.1 which contains some minor bug fixes, two new shellcode parsers
and most importantly support for the Prelude IDS Aggregator.

mwcollect is a UNIX daemon dedicated to collecting in-

something to discuss 2005-12-03
agoanywhere hotmail com
Let's break the cold and cheerless here ;)

I tried to reverse some disasm code to C code yesterday.
Is there something more affirmable to make the C code conform better with the original code? Especially in the mathematical computing code.

The following link is the executable file, an old but nice

more MD5 colliding examples 2005-12-02
Gerardo Richarte (gera corest com)
Hello everybody, last month we presented in a lightning talk at PacSec a
few interesting and somehow new things related to MD5 collisions: 2
different Win32 .EXE files with the same MD5 hash, and 4 different files
(inputs) with the same MD5 hash.

These are direct results of reimplementing the alrea

Binary analysis 2005-11-28
vulnerabilty gmail com (1 replies)
I am reverse engineering a binary compressed by
PEcompact2, but after trying all available decompressors I am not able to decompress it. I executed the exe and, looking at process memory, I found that it is the worm SDBot. Does anyone know how to go about it?

Re: Binary analysis 2005-11-28
Pedro Hugo (phugo highspeedweb net)
upx is not working, why? 2005-11-22
mao0524 hotmail com (1 replies)
Hi all,

I've got e-mail attached malware.
When I used PEiD, I found that the file was compressed by UPX.

[PEiD status]
UPX 0.89.6 - 1.02 / 1.05 -> Markus & Laszlo

[PEiD Section Viewer]
I can only see .rsrc section.
.rsrc 00032000(V.offset) 00001000(V.size) 0000D000(R.Offset) 00000400(R.Size) C00000

Re: upx is not working, why? 2005-11-23
Chris Eagle (cseagle redshift com)
Reverse engineering course 2005-11-12
Don Parker (dparker bridonsecurity com)
Hi guys/gals,

I just took a reverse engineering course at the below noted link, and I
quite enjoyed it. I would have gotten more
from the course if my C and ASM were better, but it was still quite
worthwhile. Thought I would mention it
as I have not found any other course on reverse engineering off

mwcollect v3.0.0 Release 2005-10-30
Georg Wicherski (georg-wicherski pixel-house net) (1 replies)
The Honeynet Project and Research Alliance are pleased to announce the
release of mwcollect v3.0.0 on .

What's new?

The core has been completely rewritten. It is now even more modularized
and has proven to be very stable. In

ANN: Hex Blog 2005-10-30
Ilfak Guilfanov (ig hexblog com)
New mailing list 2005-10-28
Don Parker (dparker bridonsecurity com)
We are pleased to announce the creation of another mailing list on
SecurityFocus: Beta-Announce.


The primary objective of the Beta-Announce list is to provide the
SecurityFocus community access to upcoming security tool and product
beta trials. In the same vein it will provide access t

Entry point analysis 2005-10-28
keydet89 yahoo com (1 replies)
Is anyone pursuing entry point analysis of PE files, particularly files that have been obfuscated/compressed/encrypted?

Does anyone have links to publicly available information on this topic?


H. Carvey
"Windows Forensics and Incident Recovery"

Re: Entry point analysis 2005-10-28
David Perez-Conde (david perez conde gmail com) (2 replies)
Re: Entry point analysis 2005-10-28
Harlan Carvey (keydet89 yahoo com) (1 replies)
RE: Entry point analysis 2005-10-28
Chris Eagle (cseagle redshift com)
Re: Entry point analysis 2005-10-28
Harlan Carvey (keydet89 yahoo com) (1 replies)
Re: Entry point analysis 2005-10-28
David Perez-Conde (david perez conde gmail com)
Copyright 2010, SecurityFocus