Decompiling virus binaries

Jeff Bollinger jeff01 at email.unc.edu
Mon Jul 21 15:54:09 GMT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

We received what we believed to be a recent/(new to us) virus
attachment, and short of running `strings` against the binary, what
other methods/tools have y'all used to determine the contents of a virus
binary?  I guess what I'm really asking is, do you know of any good
de-compilers (hopefully for x86 Linux, GCC 3) that would be useful in
this instance, or can I use an existing compiler to break the virus down
to its source code?

Thanks,
Jeff
- --
Jeff Bollinger, CISSP
University of North Carolina
IT Security Analyst
105 Abernethy Hall
mailto: jeff @unc dot edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/HAyhvoVlxVBmgsURAtoDAJ46zxmkgpqO7Uds5z96VheENS+/jQCfRRZE
EzMDX6rgN+OWnyhmkERvAks=
=aAXb
-----END PGP SIGNATURE-----
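Since the post above is a question rather than an answer, here is an added example (not code from the original message or its author) of the kind of no-execution static triage it asks about: identify the file type from its magic bytes, record hashes, read the ELF header, and pull printable strings the way `strings` does, then sort those strings into the indicators an analyst looks at first. The ELF image it inspects is constructed inline and is not a real sample; `example.invalid` and `192.0.2.10` are placeholder values.

```python
"""Static triage of a suspicious binary without running it (added example).
The sample ELF image below is constructed here; it is not a real virus."""
import hashlib
import re
import struct

PRINTABLE = re.compile(rb"[\x20-\x7e]{4,}")            # same idea as `strings -n 4`
IPV4 = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")
ELF_TYPES = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}
ELF_MACHINES = {3: "x86", 40: "ARM", 62: "x86-64", 183: "AArch64"}


def identify(data: bytes) -> str:
    """Classify by leading magic bytes; anything unrecognised is 'unknown'."""
    if data[:4] == b"\x7fELF":
        return "ELF"
    if data[:2] == b"MZ":
        return "PE/MZ"
    if data[:2] == b"#!":
        return "script"
    return "unknown"


def elf_header(data: bytes) -> dict:
    """Parse e_ident plus the first header fields of a 32- or 64-bit ELF,
    honouring the image's own byte order (EI_DATA: 1 = little, 2 = big)."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]
    endian = "<" if ei_data == 1 else ">"
    # Field order after e_ident: e_type, e_machine, e_version, e_entry, e_phoff, e_shoff
    fmt = endian + ("HHIQQQ" if ei_class == 2 else "HHIIII")
    e_type, e_machine, _ver, e_entry, e_phoff, e_shoff = struct.unpack_from(fmt, data, 16)
    return {
        "bits": 64 if ei_class == 2 else 32,
        "endian": "little" if ei_data == 1 else "big",
        "type": ELF_TYPES.get(e_type, f"unknown({e_type})"),
        "machine": ELF_MACHINES.get(e_machine, f"unknown({e_machine})"),
        "entry": e_entry,
        "phoff": e_phoff,
        "shoff": e_shoff,
    }


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Printable ASCII runs of at least min_len bytes, as Python strings."""
    pat = re.compile(rb"[\x20-\x7e]{%d,}" % min_len) if min_len != 4 else PRINTABLE
    return [m.decode("ascii") for m in pat.findall(data)]


def indicators(strs: list) -> dict:
    """Bucket strings into the categories worth a first look: URLs, IPv4
    addresses, absolute paths and compiler version tags."""
    found = {"url": [], "ipv4": [], "path": [], "compiler": []}
    for s in strs:
        if re.match(r"https?://", s):
            found["url"].append(s)
        elif IPV4.fullmatch(s):
            found["ipv4"].append(s)
        elif s.startswith("/"):
            found["path"].append(s)
        elif s.startswith("GCC:"):
            found["compiler"].append(s)
    return found


def triage(data: bytes) -> dict:
    """Full static report: type, size, hashes, ELF header (if ELF), strings, indicators."""
    report = {
        "type": identify(data),
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    if report["type"] == "ELF":
        report["elf"] = elf_header(data)
    report["strings"] = extract_strings(data)
    report["indicators"] = indicators(report["strings"])
    return report


def build_sample() -> bytes:
    """Constructed ELF64 little-endian x86-64 EXEC header plus a fake body."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)     # class=64-bit, data=LE, version=1
    hdr = ident + struct.pack("<HHIQQQIHHHHHH",
                              2, 62, 1, 0x401000, 64, 0,    # EXEC, x86-64, entry, phoff, shoff
                              0, 64, 56, 0, 64, 0, 0)       # flags, ehsize, phentsize, ...
    body = (b"\x00\x01\x02/bin/sh\x00GCC: (GNU) 3.3\x00"
            b"http://example.invalid/update\x00ab\x00192.0.2.10\x00")
    return hdr + body


SAMPLE = build_sample()

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

For a real file, `readelf -h` and `objdump -d` from GNU binutils report the same header fields and a disassembly; the script above is only the first pass that tells you what you are holding and what to feed those tools.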


