[unisog] Decompiling virus binaries

Martin Sapsed m.sapsed at bangor.ac.uk
Tue Jul 22 08:34:32 GMT 2003


Jeff Bollinger wrote:
> We received what we believed to be a recent/(new to us) virus
> attachment, and short of running `strings` against the binary, what
> other methods/tools have y'all used to determine the contents of a virus
> binary?  I guess what I'm really asking is, do you know of any good
> de-compilers (hopefully for x86 Linux, GCC 3) that would be useful in
> this instance, or can I use an existing compiler to break the virus down
> to its source code?

Way too complicated for me - I just send it on to my Anti-Virus company 
(currently Sophos) and ask them to check it out. With all the encryption 
and stuff I'd doubt that strings would help much?

Cheers,

Martin

-- 
Martin Sapsed
Information Services               "Who do you say I am?"
University of Wales, Bangor             Jesus of Nazareth
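An added example for the question in this thread, not code from either poster: the first thing a defender usually does before reaching for a decompiler or a vendor is to run `strings` and check whether the sample even has readable content. The script below does both offline in Python 3.9+ (it uses `random.Random.randbytes`): it extracts printable runs the way `strings -n 4` does, measures Shannon entropy per 1 KiB chunk, and flags a file as probably packed or encrypted when at least half its chunks are near-random. The two sample byte strings, the 7.0 bits/byte threshold and the 50% chunk rule are constructed assumptions for illustration, not values from the message; real packers and real files will need tuning.

```python
"""Offline first-pass triage of a suspicious binary.

Extracts printable strings (like `strings -n 4`) and measures Shannon entropy
to judge whether `strings` output can be trusted at all: packed or encrypted
bodies are near-random and yield few, mostly meaningless strings.
"""
import math
import random
import re
import sys
from collections import Counter


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Runs of printable ASCII at least min_len long (same idea as `strings -n N`)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant input, 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def triage(data: bytes, chunk_size: int = 1024, high: float = 7.0) -> dict:
    """Summarise string yield and entropy; flag likely packed/encrypted content.

    `high` (bits/byte) and the 50% chunk rule are assumed thresholds for this
    example; uniformly random 1 KiB chunks score about 7.8, plain code/text
    usually well under 6.5.
    """
    chunks = [data[i:i + chunk_size] for i in range(0, len(data), chunk_size)]
    entropies = [shannon_entropy(c) for c in chunks]
    high_frac = (sum(e >= high for e in entropies) / len(entropies)) if entropies else 0.0
    strs = extract_strings(data)
    return {
        "size": len(data),
        "entropy": round(shannon_entropy(data), 2),
        "high_entropy_fraction": round(high_frac, 2),
        "string_count": len(strs),
        "likely_packed_or_encrypted": high_frac >= 0.5,
    }


# Constructed sample 1: a stub resembling an unpacked PE with readable imports.
PLAIN_SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 60
    + b"This program cannot be run in DOS mode.\r\n"
    + b"kernel32.dll\x00CreateFileA\x00WriteFile\x00"
    + b"C:\\WINDOWS\\system32\\cmd.exe\x00"
    + b"\x00" * 2048
)

# Constructed sample 2: seeded PRNG output standing in for a packed/encrypted body.
PACKED_SAMPLE = b"MZ\x90\x00" + random.Random(20030722).randbytes(8192)


if __name__ == "__main__":
    # With a path argument, triage that file; otherwise show the two samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
        print(triage(blob))
        for s in extract_strings(blob)[:40]:
            print("  ", s)
    else:
        for name, blob in (("plain", PLAIN_SAMPLE), ("packed", PACKED_SAMPLE)):
            print(name, triage(blob))
```

Run it as `python triage.py sample.bin` on a copy of the attachment (never on a host where it could be executed). A high-entropy verdict is the cue that the real payload is unpacked only at run time, so static `strings` output is mostly the packer's own stub and the next step is a sandbox or, as Martin suggests, the AV vendor.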
