[unisog] Decompiling virus binaries

Martin Sapsed m.sapsed at bangor.ac.uk
Tue Jul 22 08:34:32 GMT 2003

Jeff Bollinger wrote:
> We received what we believed to be a recent/(new to us) virus
> attachment, and short of running `strings` against the binary, what
> other methods/tools have y'all used to determine the contents of a virus
> binary?  I guess what I'm really asking is, do you know of any good
> de-compilers (hopefully for x86 Linux, GCC 3) that would be useful in
> this instance, or can I use an existing compiler to break the virus down
> to its source code?

Way too complicated for me - I just send it on to my Anti-Virus company 
(currently Sophos) and ask them to check it out. With all the encryption 
and stuff I'd doubt that strings would help much?



Martin Sapsed				
Information Services               "Who do you say I am?"
University of Wales, Bangor             Jesus of Nazareth
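
A quick static-triage routine illustrating the point about `strings` and encryption, added here as an example; it is not code from the original post or from either poster. It extracts printable runs the way `strings -n 4` does, then measures Shannon entropy per chunk to show where a packed or encrypted payload leaves `strings` with nothing but junk, and records the SHA-256 a responder would quote when forwarding the sample to an AV vendor. The two sample "binaries" are constructed inside the block (a SHA-256 chain stands in for the encrypted payload); the `likely_packed` heuristic and its 7.0 bits/byte threshold are this example's own assumptions, not a published standard.

```python
"""Static triage of a suspicious binary: `strings`-style extraction plus a
per-chunk Shannon entropy check that flags packed/encrypted regions."""
import hashlib
import math
import re
from typing import Dict, List, Tuple


def extract_strings(data: bytes, min_len: int = 4) -> List[str]:
    """Runs of printable ASCII at least min_len bytes long, like `strings -n`."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def high_entropy_chunks(data: bytes, chunk: int = 256,
                        threshold: float = 7.0) -> List[Tuple[int, float]]:
    """(offset, entropy) of every chunk above threshold. Compressed or encrypted
    code typically sits above ~7 bits/byte; plain code and data sit well below."""
    hot = []
    for off in range(0, len(data), chunk):
        h = shannon_entropy(data[off:off + chunk])
        if h > threshold:
            hot.append((off, round(h, 2)))
    return hot


def triage(data: bytes, chunk: int = 256) -> Dict[str, object]:
    """Summary worth attaching to a vendor submission. The packing heuristic
    (assumption of this example): whole-file entropy above 7.0, or at least
    half of the chunks above the threshold."""
    hot = high_entropy_chunks(data, chunk)
    num_chunks = max(1, math.ceil(len(data) / chunk))
    entropy = shannon_entropy(data)
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
        "entropy": round(entropy, 2),
        "strings": extract_strings(data),
        "high_entropy_chunks": hot,
        "likely_packed": bool(entropy > 7.0 or len(hot) / num_chunks >= 0.5),
    }


def _pseudo_random_bytes(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic high-entropy filler (SHA-256 chain) standing in for an
    encrypted payload; constructed for this example, not real malware."""
    out = bytearray()
    block = seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


# Constructed sample 1: an unpacked binary with readable strings.
PLAIN_SAMPLE = (
    b"\x7fELF\x02\x01\x01" + b"\x00" * 57        # fake ELF header padding
    + b"Usage: %s [options]\x00"
    + b"/bin/sh\x00"
    + b"GCC: (GNU) 3.3\x00"
    + b"\x00" * 200
)

# Constructed sample 2: a tiny cleartext stub followed by an "encrypted" body.
PACKED_SAMPLE = (
    b"\x7fELF\x02\x01\x01" + b"\x00" * 57
    + b"unpack_stub_v1\x00"                      # the loader a packer leaves in clear
    + _pseudo_random_bytes(2048)                 # stand-in for the encrypted payload
)


if __name__ == "__main__":
    for name, sample in (("plain", PLAIN_SAMPLE), ("packed", PACKED_SAMPLE)):
        report = triage(sample)
        print(f"{name}: sha256={report['sha256'][:16]}... entropy={report['entropy']}"
              f" packed={report['likely_packed']} strings={report['strings'][:4]}")
```

On the plain sample the strings list is exactly the three readable items; on the packed sample it is the stub name plus whatever 4-byte printable runs happen to occur in the random body, which is why a high per-chunk entropy is the more reliable signal and why the sensible next step is to hand the sample to a vendor with its hash rather than to stare at `strings` output.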
