[unisog] Decompiling virus binaries

Jordan Wiens jwiens at nersp.nerdc.ufl.edu
Wed Jul 23 19:31:38 GMT 2003

Fenris might be useful as well:

Can't say much how it compares to a 'real' (IDA) product, but it's at
least cheaper.

As others pointed out, that sort of task is not for the faint of heart.

Jordan Wiens
UF Network Incident Response Team

On Mon, 21 Jul 2003, Jeff Bollinger wrote:

> We received what we believed to be a recent/(new to us) virus
> attachment, and short of running `strings` against the binary, what
> other methods/tools have y'all used to determine the contents of a virus
> binary?  I guess what I'm really asking is, do you know of any good
> de-compilers (hopefully for x86 Linux, GCC 3) that would be useful in
> this instance, or can I use an existing compiler to break the virus down
> to its source code?
> Thanks,
> Jeff
> - --
> Jeff Bollinger, CISSP
> University of North Carolina
> IT Security Analyst
> 105 Abernethy Hall
> mailto: jeff @unc dot edu
