RE: [Fxruby-users] Test
From: Robert M. <ro...@ta...> - 2004-01-26 23:04:49
> The message contains Unicode characters and has been sent as a binary
> attachment.

Hmm, don't do anything with that attachment. Rather suspicious that it contains a file called document.pif. Repeat: don't run it.

If you want to look at it safely, use (if you use Windows) the command prompt to rename it (either ren or move). You cannot use Explorer (certainly on XP), as it lets you change the document name but retains the .pif extension.

Looking at the file in UltraEdit, towards the very end of it are the following references:

KERNEL32.DLL
ADVAPI32.dll
MSVCRT.dll
USER32.dll
WS2_32.dll
LoadLibraryA
GetProcAddress
ExitProcess
RegCloseKey
memset
wsprintfA

There isn't much clear text in it, apart from a reference to notepad, Data, Profile.

There is a header in it, "1.24 UPX!", which marks it as compressed by "The Ultimate Packer for eXecutables" -- http://upx.sourceforge.net/

I'd try and break more data out but I need some sleep. If anyone does look into the file after uncompressing it, let me know; I'd like to know more about it. Otherwise I'll have a crack tomorrow.

Rob

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.566 / Virus Database: 357 - Release Date: 22/01/2004
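The static look described in the message above, as an added example that is not part of the original post: it reads an attachment's bytes without running them and reports the packer marker, the printable strings and what the import names suggest. The function names, the hint grouping, the assumed NUL or space between the version and the "UPX!" magic, and the sample bytes are all assumptions or constructions of this example.

```python
import re

# Import names quoted in the post, grouped by what they suggest.
# The grouping is this example's interpretation, not the post's.
HINTS = {
    "network": ["WS2_32.dll"],
    "registry": ["ADVAPI32.dll", "RegCloseKey"],
    "runtime import resolution": ["LoadLibraryA", "GetProcAddress"],
}
# Extensions Windows runs as programs; .pif is the one named in the post.
RUNNABLE = {"pif", "exe", "scr", "com", "bat", "cmd"}

def ascii_strings(data: bytes, min_len: int = 4) -> list:
    """Runs of printable ASCII, like the Unix `strings` tool."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]

def triage(name: str, data: bytes) -> dict:
    """Static checks only: the bytes are read, never executed."""
    lowered = data.lower()
    # Assumed layout: version digits, one NUL or space, then the "UPX!" magic.
    upx = re.search(rb"(\d\.\d\d)[\x00 ]UPX!", data)
    return {
        "mz_header": data[:2] == b"MZ",
        "runnable_extension": name.lower().rsplit(".", 1)[-1] in RUNNABLE,
        "upx_version": upx.group(1).decode("ascii") if upx else None,
        "hints": sorted(k for k, names in HINTS.items()
                        if any(n.lower().encode() in lowered for n in names)),
        "strings": ascii_strings(data),
    }

# Constructed sample: not the real attachment, only the markers the post lists.
IMPORTS = [b"KERNEL32.DLL", b"ADVAPI32.dll", b"MSVCRT.dll", b"USER32.dll",
           b"WS2_32.dll", b"LoadLibraryA", b"GetProcAddress", b"ExitProcess",
           b"RegCloseKey", b"memset", b"wsprintfA"]
SAMPLE = (b"MZ\x90\x00" + b"\x00" * 32 + b"1.24\x00UPX!"
          + bytes(range(128, 160)) + b"\x00".join(IMPORTS))

if __name__ == "__main__":
    for key, value in triage("document.pif", SAMPLE).items():
        print(f"{key}: {value}")
```

A packed file shows few readable strings because the original code and data are compressed, which matches the post's remark that there isn't much clear text in it.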