Penetration Testing mailing list archives
Re: [PEN-TEST] Suspect .EXE Trojan
From: Nexus <nexus () PATROL I-WAY CO UK>
Date: Fri, 15 Dec 2000 08:30:55 -0000
Hi folks, Not just for *NIX users ;-) http://www.foundstone.com/resources/tools.html for BinHex3, or http://www.sysinternals.com/misc.htm for strings. Regards, JJ ----- Original Message ----- From: "Ben Ford" <bford () TALONTECH COM> To: <PEN-TEST () SECURITYFOCUS COM> Sent: Friday, December 15, 2000 12:46 AM Subject: Re: Suspect .EXE Trojan
If you have access to a Linux or other unix type box, the easiest way is
to run
'strings' on the file. That will give you all the text information
contained
within it and would tell you any registry keys modified or files accessed
etc. [snip] ____________________________________________ http://1cis.com Free E-mail Servers with unlimited mailboxes 1st Class Internet Solutions
Current thread:
- Re: [PEN-TEST] Raw Disk Mounter, (continued)
- Re: [PEN-TEST] Raw Disk Mounter Crist Clark (Dec 16)
- Re: [PEN-TEST] Raw Disk Mounter Ryan Russell (Dec 16)
- Re: [PEN-TEST] Raw Disk Mounter Brian Russo (Dec 16)
- Re: [PEN-TEST] Raw Disk Mounter Berend De Schouwer (Dec 16)
- Re: [PEN-TEST] Raw Disk Mounter Jonathan Johnson (Dec 16)
- Re: [PEN-TEST] Raw Disk Mounter c0ncept (Dec 16)
- Re: [PEN-TEST] Suspect .EXE Trojan Mark Curphey (Dec 16)
- Re: [PEN-TEST] Suspect .EXE Trojan Yonatan Bokovza (Dec 15)
- Re: [PEN-TEST] Suspect .EXE Trojan Eaton, Arthur (Dec 15)
- Re: [PEN-TEST] Suspect .EXE Trojan Ben Ford (Dec 15)
- Re: [PEN-TEST] Suspect .EXE Trojan Nexus (Dec 16)
- Re: [PEN-TEST] Suspect .EXE Trojan Pierre Vandevenne (Dec 16)
- Re: [PEN-TEST] Suspect .EXE Trojan MadHat (Dec 16)
- Re: [PEN-TEST] Suspect .EXE Trojan Nexus (Dec 16)
- Re: [PEN-TEST] Suspect .EXE Trojan Frank Knobbe (Dec 16)
- Re: [PEN-TEST] Suspect .EXE Trojan Andrew Lawton (Dec 16)
- Re: [PEN-TEST] Suspect .EXE Trojan Bob Dog (Dec 16)
- Re: [PEN-TEST] Suspect .EXE Trojan Tomi Tuominen (Dec 19)
- Re: [PEN-TEST] Suspect .EXE Trojan Jensen, Greg (Dec 17)
- Re: [PEN-TEST] Suspect .EXE Trojan Marty Richards (Dec 18)