|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Dailydave] Times up!
dennis
backtrace.de
Date: Fri Oct 24 2008 - 09:36:06 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
>
> That said, it won't take much for someone to write self-replicating code
> exploiting this vulnerability.
I can now confirm what has been stated on the ThreatExpert blog. I
found shellcode at
file offset 0x4712A (or address 0x1004712A in IDA). Simple "sub 1"
payload decoder,
imports urlmon/UrlDownloadToFileA and WinExec to download a copy of
the Trojan.
MD5 of basesvc.dll: 82ba009746da8603c463f37e381a42a4
Cheers
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]