Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

English Whale

0 views
Skip to first unread message

Se...@thepentagon.com

unread,
Feb 23, 1998, 3:00:00 AM2/23/98
to

Well, I already requested a translation. I got two responses, each person came
through with a full translation. I'll ask one of my friends to post the source
here soon. I can't post binaries with Dejanews aparrently.

In search of fish #8
- Sea4

-----== Posted via Deja News, The Leader in Internet Discussion ==-----
http://www.dejanews.com/ Now offering spam-free web-based newsreading

SPo0ky

unread,
Feb 24, 1998, 3:00:00 AM2/24/98
to

Se...@Thepentagon.com wrote:

|>Well, I already requested a translation. I got two responses, each person came
|>through with a full translation. I'll ask one of my friends to post the source
|>here soon. I can't post binaries with Dejanews aparrently.

here it is, i got it form sea4 right now...

it is not the original source code... it looks more like a
disassembly... anyway...

see you!
--SPo0ky
[www.codebreakers.org]

DV

unread,
Feb 25, 1998, 3:00:00 AM2/25/98
to

I think a famous virus e-zine actually disassembled it and commented it. I think it
was 40Hex. I guess it's time to grep through all 14 indexes and check to see which
issue it was. :) Unless it was just a debug script, then I would be really pissed.
:)

aperson

unread,
Feb 25, 1998, 3:00:00 AM2/25/98
to

I believe it was just a debug script in 40Hex. :P

DV

unread,
Feb 25, 1998, 3:00:00 AM2/25/98
to

aperson wrote:

> I believe it was just a debug script in 40Hex. :P

Shit you're right. It is. Dammit. Well then I'm officially asking that guy who got the
translated sources to PLEASE POST IT :)


SPo0ky

unread,
Feb 26, 1998, 3:00:00 AM2/26/98
to

DV <n...@needed.com> wrote:

i posted it (i think 2 days ago)... didn't you get it yet!?

--SPo0ky

DV

unread,
Feb 26, 1998, 3:00:00 AM2/26/98
to

It's empty! But I'll take a closer look.

Spam Blaster

unread,
Feb 28, 1998, 3:00:00 AM2/28/98
to

On Wed, 25 Feb 1998 06:41:34 -0500, aperson
<do...@reply.to.me.via.email> wrote:

>I believe it was just a debug script in 40Hex. :P
>

>DV wrote:
>>
>> I think a famous virus e-zine actually disassembled it and commented it. I think it
>> was 40Hex. I guess it's time to grep through all 14 indexes and check to see which
>> issue it was. :) Unless it was just a debug script, then I would be really pissed.
>> :)
>>
>> SPo0ky wrote:
>>
>> > it is not the original source code... it looks more like a
>> > disassembly... anyway...

Okay, so run it through SSD and get a dissasembly/analysis or run it
through Sourcer and get a dissasembly.

Matt


RAiD

unread,
Mar 1, 1998, 3:00:00 AM3/1/98
to

In article <34f832cd...@news.reith.bbc.co.uk>,

sp...@hotmail.com (Spam Blaster) wrote:
>Okay, so run it through SSD and get a dissasembly/analysis or run it
>through Sourcer and get a dissasembly.

Sourcer? Muahaha, it won't accurately disassemble anything with
encryption layers beyond...2..


Email: juno@raid.x (swap to mail)
http://207.23.1.97/~raid/index.html
http://krile.dyn.ml.org/~raid/index.html

Matthew Probert

unread,
Mar 1, 1998, 3:00:00 AM3/1/98
to

On Sun, 01 Mar 98 18:08:27 GMT,
see.my.sig.for.email.address.@nospam.com (RAiD) wrote:

>In article <34f832cd...@news.reith.bbc.co.uk>,
> sp...@hotmail.com (Spam Blaster) wrote:
>>Okay, so run it through SSD and get a dissasembly/analysis or run it
>>through Sourcer and get a dissasembly.
>
>Sourcer? Muahaha, it won't accurately disassemble anything with
>encryption layers beyond...2..

Hence I suggest SSD which will decrypt, and then you can save the
decrypted code for disassembly (assuming a COM file original, but then
if one can't work out how to get an infected COM from an EXE one
shouldn't be playing with big boys toys anyway).

Incidentally, you say in another message that you see no need to use
your real name in public. I have just thought of one.

How does anyone know that you're not an AV company employee or a
policeman trying to entrap?

At least everytone knows who I am (even if I accidentally used an
alias in the "From" field yesterday).


Matt

RAiD

unread,
Mar 1, 1998, 3:00:00 AM3/1/98
to

In article <34f9be6e...@news.reith.bbc.co.uk>,

anon...@xyz.com (Matthew Probert) wrote:
>Hence I suggest SSD which will decrypt, and then you can save the
>decrypted code for disassembly (assuming a COM file original, but then
>if one can't work out how to get an infected COM from an EXE one
>shouldn't be playing with big boys toys anyway).

heh...People who can't tell the difference shouldn't be playing with
viruses.


>Incidentally, you say in another message that you see no need to use
>your real name in public. I have just thought of one.

Oh?

>How does anyone know that you're not an AV company employee or a
>policeman trying to entrap?

Have you visited the URL in my signature? Do I act anything like an AV
person? Would a policeman write and distribute (via webpage of course.)
live virus binaries and source code? please...think before you suggest
such nonsense.


>At least everytone knows who I am (even if I accidentally used an
>alias in the "From" field yesterday).

And i should care?

0 new messages