Malware Domain List

Malware Related => Tools of the trade / Internet News => Topic started by: sowhat-x on November 16, 2007, 04:04:44 am

Title: Monkey tricks: Extracting Viruses/Worms
Post by: sowhat-x on November 16, 2007, 04:04:44 am
Very interesting article(s)...

http://geek00l.blogspot.com/2006/03/monkey-tricks-extracting-virusesworms.html
http://geek00l.blogspot.com/2006/04/tcpxtract-revisited.html
http://geek00l.blogspot.com/2006/04/tcpxtract-addon.html

On a side note, this guy is also responsible for the development
of a very cool network analysis live distro:
http://www.rawpacket.org/projects/hex-livecd

Actually, I was googling for info on detecting/extracting binaries,
even semi-corrupted ones, from pcap captures...
Most network data reconstruction tools I've seen
extract HTML pages, gif/jpg/png and zlib stuff...
I don't know of anything for executables.  :(
If anyone is aware of any...

Apart from the above articles,
the only somewhat related thing I've come across is:
http://honeytrap.mwcollect.org/pehunter.html
This one, though, is meant to be run on live streams,
utilizing unix sockets... as for portability... I don't know...
I doubt it would work correctly under win32,
even if, say, compiled under cygwin...
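As an added example (not code from the linked articles, from pehunter, or from anyone in this thread), here is a small offline Python carver that does what the post is asking about: it parses a classic libpcap file, reassembles each TCP flow by sequence number, and pulls PE executables out of the resulting byte streams, keeping a truncated (semi-corrupted) copy when the capture ends mid-transfer. The file is sized from the PE section table (the largest PointerToRawData + SizeOfRawData), which is the same idea pehunter and foremost-style carvers use. Everything it runs on is constructed inside the script: the minimal PE is not a runnable executable, and the 10.0.0.2:80 -> 10.0.0.1:4444 flow, the 120-byte segments, the out-of-order delivery and the retransmit are made up for the demo. Assumptions: Ethernet/IPv4/TCP frames without IP options, classic libpcap (not pcapng), exact duplicate segments only (overlapping retransmits are not merged), and files whose section table is itself complete in the stream.

```python
"""Carve PE executables from a pcap: parse libpcap records, reassemble each TCP flow by
sequence number, then find MZ/PE headers and size each file from its section table, the
way pehunter and foremost-style carvers do. Truncated copies are kept, not discarded."""
import struct
from collections import defaultdict

def parse_pcap(data):
    """Yield raw frames from a classic libpcap file (24-byte global header, 16-byte record headers)."""
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}[struct.unpack("<I", data[:4])[0]]  # KeyError if not pcap
    off = 24
    while off + 16 <= len(data):
        incl = struct.unpack(endian + "I", data[off + 8:off + 12])[0]   # captured length of this record
        yield data[off + 16:off + 16 + incl]
        off += 16 + incl

def tcp_segment(frame):
    """Return (flow, seq, payload) for an Ethernet/IPv4/TCP frame, else None (no IP options assumed)."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    if ip[9] != 6:                                   # protocol field: 6 = TCP
        return None
    ihl, total = (ip[0] & 0xF) * 4, struct.unpack("!H", ip[2:4])[0]
    tcp = ip[ihl:total]
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    return (ip[12:16], sport, ip[16:20], dport), seq, tcp[(tcp[12] >> 4) * 4:]

def reassemble(frames):
    """Per-flow byte streams ordered by sequence number; duplicate segments dropped, gaps left as-is."""
    flows = defaultdict(dict)
    for frame in frames:
        seg = tcp_segment(frame)
        if seg and seg[2] and seg[1] not in flows[seg[0]]:
            flows[seg[0]][seg[1]] = seg[2]
    return {f: b"".join(segs[s] for s in sorted(segs)) for f, segs in flows.items()}

def pe_size(buf):
    """Expected on-disk size of the PE at buf[0], or None if the headers are not a sane, complete header set."""
    if buf[:2] != b"MZ" or len(buf) < 0x40:
        return None
    e_lfanew = struct.unpack("<I", buf[0x3C:0x40])[0]
    if e_lfanew + 24 > len(buf) or buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    nsec = struct.unpack("<H", buf[e_lfanew + 6:e_lfanew + 8])[0]
    opt_size = struct.unpack("<H", buf[e_lfanew + 20:e_lfanew + 22])[0]
    sect = e_lfanew + 24 + opt_size
    end = sect + nsec * 40
    if not 1 <= nsec <= 96 or end > len(buf):       # need the whole section table to size the file
        return None
    size = end
    for i in range(nsec):                            # SizeOfRawData / PointerToRawData at +16 / +20
        raw_size, raw_ptr = struct.unpack("<II", buf[sect + i * 40 + 16:sect + i * 40 + 24])
        size = max(size, raw_ptr + raw_size)
    return size

def carve(stream):
    """Yield (offset, bytes, complete) for every PE in a reassembled stream."""
    pos = 0
    while (pos := stream.find(b"MZ", pos)) >= 0:
        size = pe_size(stream[pos:])
        if size is None:
            pos += 2                                  # a stray "MZ", keep scanning
            continue
        data = stream[pos:pos + size]
        yield pos, data, len(data) == size           # complete is False when the stream ends early
        pos += size

# ---- constructed test data (not a real capture, not a runnable executable) ----
def build_test_pe(body=b"\xCC" * 64):
    """Minimal PE: DOS header, COFF header, 24-byte optional header, one .text section."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    opt = b"\x0B\x01" + b"\0" * 22
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x102)
    raw_ptr = 0x40 + len(coff) + len(opt) + 40
    sect = b".text\0\0\0" + struct.pack("<IIIIIIHHI", len(body), 0x1000, len(body), raw_ptr, 0, 0, 0, 0, 0x60000020)
    return dos + coff + opt + sect + body

def build_test_pcap(segments):
    """One flow 10.0.0.2:80 -> 10.0.0.1:4444; segments given as (seq, payload) pairs."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for seq, payload in segments:
        tcp = struct.pack("!HHIIBBHHH", 80, 4444, seq, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0, b"\x0A\0\0\x02", b"\x0A\0\0\x01") + tcp
        frame = b"\xAA" * 6 + b"\xBB" * 6 + b"\x08\x00" + ip
        out.append(struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame)
    return b"".join(out)

def demo(drop_last=False):
    """HTTP response carrying the PE, cut into 120-byte segments, delivered last-first plus one retransmit."""
    resp = b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n" + build_test_pe()
    segs = [(1000 + i, resp[i:i + 120]) for i in range(0, len(resp), 120)]
    if drop_last:
        segs = segs[:-1]                              # capture cut short while the file was in flight
    segs = segs[::-1] + segs[-1:]
    return [(off, data, ok) for stream in reassemble(parse_pcap(build_test_pcap(segs))).values()
            for off, data, ok in carve(stream)]

if __name__ == "__main__":
    for off, data, ok in demo() + demo(drop_last=True):
        print(f"PE at stream offset {off}: {len(data)} bytes, {'complete' if ok else 'TRUNCATED'}")
```

Running it carves the complete 216-byte PE at offset 59 of the reassembled stream (just past the HTTP headers) in the first run, and a 181-byte truncated copy flagged as incomplete in the second. On a real capture, feed `parse_pcap(open("capture.pcap", "rb").read())` into `reassemble` and write each carved blob to disk; note that a stream cut before the section table yields nothing, since there is no way to size the file without it, and that HTTP chunked or gzip-encoded transfers need decoding before carving.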