Malware Domain List

Malware Related => Malware Analysis => Topic started by: mystery_reverse on May 18, 2010, 11:29:17 am

Title: Need to reverse this file - Help me out
Post by: mystery_reverse on May 18, 2010, 11:29:17 am
Hello guys,

I am a newbie to reverse engineering! I came across this file which needs to be reversed.

Can somebody reverse this file using OllyDbg and let me know the complete description of what this file does?

A complete description will be appreciated. Please help me out guys.

The given file is password protected, password is "infected" without quotes.

Regards,
Mystery reverse
Title: Re: Need to reverse this file - Help me out
Post by: parody on May 19, 2010, 03:52:14 am
Looks like a crackme from securityfocus.

Connects to their SMTP server and sends an email to jmiller[at]securityfocus.com


Code:
mov     word ptr [ebp+name.sa_data], ax
mov     esi, esp
push    offset cp       ; "205.206.231.9"
call    ds:inet_addr
cmp     esi, esp
call    __chkesp
mov     dword ptr [ebp+name.sa_data+2], eax
mov     esi, esp
push    0               ; protocol
push    1               ; type
push    2               ; af
call    ds:socket
.
.
mov     esi, esp
push    0               ; flags
push    offset buf      ; "helo ants\r\n"
call    _strlen
add     esp, 4
push    eax             ; len
push    offset buf      ; "helo ants\r\n"
mov     edx, [ebp+s]
push    edx             ; s
call    ds:send
.
.
.
push    offset aSubjectThisMig ; "subject: this might be about ants\r\n"


I'm guessing this would be part of a course, so I'd not give too much away. You'll learn to reverse better by doing it and not just getting someone else to do it for you. I'm happy to help explain things if you run into problems.
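The way an analyst would confirm the behaviour parody describes without letting the crackme's mail leave the lab is to point it at a local SMTP sink. The code below is an added example, not code from the thread or from the crackme: it assumes the sample's hard-coded server IP (it calls inet_addr on a literal, so a hosts-file entry won't do; a firewall/NAT redirect is needed) has been sent to the sink's port, and the client in it is a constructed stand-in for the sample in which only "helo ants" and the subject line come from the disassembly, while the MAIL FROM / RCPT TO lines are assumed.

```python
import socket
import threading

# Added example, not from the thread: an SMTP sink for dynamic analysis of the crackme.
def smtp_sink(listener, captured):
    conn, _ = listener.accept()
    with conn:
        conn.sendall(b"220 sink ready\r\n")
        buf, in_data = b"", False
        while chunk := conn.recv(4096):
            buf += chunk
            while b"\r\n" in buf:             # SMTP is line-oriented, CRLF-terminated
                line, buf = buf.split(b"\r\n", 1)
                text = line.decode("latin-1")
                captured.append(text)
                if in_data:                   # message body runs until a lone "."
                    in_data = text != "."
                    if not in_data:
                        conn.sendall(b"250 queued\r\n")
                elif text.upper().startswith("DATA"):
                    in_data = True
                    conn.sendall(b"354 go ahead\r\n")
                elif text.upper().startswith("QUIT"):
                    conn.sendall(b"221 bye\r\n")
                    return
                else:                         # HELO, MAIL FROM, RCPT TO, anything else
                    conn.sendall(b"250 ok\r\n")

def run_capture(client):
    with socket.socket() as listener:         # free localhost port, sink in a thread
        listener.bind(("127.0.0.1", 0))
        listener.listen(1)
        captured = []
        t = threading.Thread(target=smtp_sink, args=(listener, captured), daemon=True)
        t.start()
        client(listener.getsockname()[1])
        t.join(5)
        return captured

def sample_like_client(port):
    # Constructed stand-in for the crackme: only "helo ants" and the subject line
    # are from the disassembly; envelope sender/recipient are assumed (pipelined for brevity).
    script = (b"helo ants\r\nMAIL FROM:<crackme@example.invalid>\r\n"
              b"RCPT TO:<jmiller@securityfocus.com>\r\nDATA\r\n"
              b"subject: this might be about ants\r\n\r\nhello\r\n.\r\nQUIT\r\n")
    with socket.create_connection(("127.0.0.1", port)) as s:
        s.sendall(script)
        while s.recv(1024):                   # drain replies until the sink closes
            pass
```

Running `run_capture(sample_like_client)` returns every line the "sample" sent, so the HELO name, recipient and subject can be reported straight from the capture rather than reconstructed from the disassembly.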