Author Topic: Monkey tricks: Extracting Viruses/Worms  (Read 6793 times)


November 16, 2007, 04:04:44 am

sowhat-x

  • Guest
Very interesting article(s)...

http://geek00l.blogspot.com/2006/03/monkey-tricks-extracting-virusesworms.html
http://geek00l.blogspot.com/2006/04/tcpxtract-revisited.html
http://geek00l.blogspot.com/2006/04/tcpxtract-addon.html

On a side note, this guy is also responsible for the development
of a very cool network analysis live distro:
http://www.rawpacket.org/projects/hex-livecd

Actually, I was googling for info on detecting/extracting binaries,
even semi-corrupted ones, from pcap captures...
most network data reconstruction tools I've seen
extract html pages, gif/jpg/png and zlib stuff...
don't know of anything towards executables.  :(
If anyone is aware of...

Apart from the above articles,
the only somewhat related thing I've come across is:
http://honeytrap.mwcollect.org/pehunter.html
This one though is to be run on live streams,
utilizing unix sockets... as for portability... don't know...
I doubt it would work correctly under win32,
even say if compiled under cygwin...
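As an added illustration of the problem the post raises (carving executables, including truncated ones, out of captured traffic), here is a small PE carver; it is example code written for this thread, not part of the linked articles or of pehunter/tcpxtract. It assumes the TCP stream has already been reassembled into a byte buffer (the sample stream below is constructed, not captured) and walks the DOS header, COFF header and section table to find where the on-disk image ends, reporting when the capture stops short of it.

```python
import struct

MZ, PE_SIG = b"MZ", b"PE\0\0"

def pe_extent(buf, off):
    """Validate a PE image at buf[off:] and return (end, truncated), or None.
    The end is the furthest byte any section's raw data reaches, so the carve
    covers the whole on-disk image; truncated=True means the capture ends first."""
    if buf[off:off + 2] != MZ or off + 0x40 > len(buf):
        return None
    e_lfanew = struct.unpack_from("<I", buf, off + 0x3C)[0]
    pe = off + e_lfanew
    if not 0x40 <= e_lfanew <= 0x1000 or pe + 24 > len(buf) or buf[pe:pe + 4] != PE_SIG:
        return None
    nsec = struct.unpack_from("<H", buf, pe + 6)[0]        # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", buf, pe + 20)[0]   # COFF SizeOfOptionalHeader
    sec_tbl = pe + 24 + opt_size
    end = sec_tbl + 40 * nsec                              # 40-byte section headers
    if not 1 <= nsec <= 96 or end > len(buf):
        return None
    for i in range(nsec):
        raw_size, raw_ptr = struct.unpack_from("<II", buf, sec_tbl + 40 * i + 16)
        end = max(end, off + raw_ptr + raw_size)
    return min(end, len(buf)), end > len(buf)

def carve_pe(buf):
    """Return [(offset, image_bytes, truncated)] for every PE found in buf."""
    found, pos = [], buf.find(MZ)
    while pos != -1:
        ext = pe_extent(buf, pos)
        if ext is None:                     # stray "MZ" text, not a real header
            pos = buf.find(MZ, pos + 1)
            continue
        end, truncated = ext
        found.append((pos, buf[pos:end], truncated))
        pos = buf.find(MZ, end)
    return found

def build_sample_pe(body):
    """Constructed test data: DOS header, COFF header, no optional header, one section."""
    nsec, e_lfanew = 1, 0x40
    dos = MZ + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = PE_SIG + struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, 0, 0x102)
    raw_ptr = e_lfanew + 24 + 40 * nsec     # section data right after the table
    sec = b".text\0\0\0" + struct.pack("<IIII", len(body), 0x1000, len(body), raw_ptr) + b"\0" * 16
    return dos + coff + sec + body

# Constructed stand-in for a reassembled HTTP download stream (not a real capture)
SAMPLE_PE = build_sample_pe(b"\xCC" * 32)
SAMPLE_STREAM = b"HTTP/1.1 200 OK\r\n\r\n" + SAMPLE_PE + b"\r\nMZ-not a PE\r\n"

if __name__ == "__main__":
    for off, image, truncated in carve_pe(SAMPLE_STREAM):
        print(f"PE at offset {off}: {len(image)} bytes, truncated={truncated}")
```

Feeding it the output of a stream reassembler (tcpflow, or tcpxtract's own TCP reassembly) lets it pick out executables that signature-based carvers aimed at images and HTML skip.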