<HTML>
<HEAD>
<TITLE>Re: [Full-disclosure] Re: Google Malware Search</TITLE>
</HEAD>
<BODY>
<FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'>One other thing, which may already be known by most of you: on the Google results you can click “View as HTML” and get a lot of file information.<BR>
<BR>
</SPAN></FONT><FONT FACE="Times, Times New Roman"><SPAN STYLE='font-size:13.0px'><B>WINDOWS EXECUTABLE</B><BR>
<BR>
<B>32bit for Windows 95 and Windows NT</B><BR>
<BR>
<B>Technical File Information:</B><BR>
<BR>
<B>Image File Header</B><BR>
<BR>
Signature: 00004550<BR>
Machine: Intel 386<BR>
Number of Sections: 0003<BR>
Time Date Stamp: 43e3d0b9<BR>
Symbols Pointer: 00000000<BR>
Number of Symbols: 00000000<BR>
Size of Optional Header 00e0<BR>
Characteristics: Relocation info stripped from file.<BR>
File is executable (i.e. no unresolved external references).<BR>
Line numbers stripped from file.<BR>
Local symbols stripped from file.<BR>
32 bit word machine.<BR>
<BR>
<B>Image Optional Header</B><BR>
<BR>
Magic: 010b<BR>
Linker Version: 5.12<BR>
Size of Code: 00003800<BR>
Size of Initialized Data: 00004000<BR>
Size of Uninitialized Data: 00000000<BR>
Address of Entry Point: 0000b037<BR>
Base of Code: 00001000<BR>
Base of Data: 00005000<BR>
Image Base: 00400000<BR>
Section Alignment: 00001000<BR>
File Alignment: 00000200<BR>
Operating System Version: 4.00<BR>
Image Version: 0.00<BR>
Subsystem Version: 4.00<BR>
Reserved1: 00000000<BR>
Size of Image: 00010000<BR>
Size of Headers: 00000400<BR>
Checksum: 00000000<BR>
Subsystem: Image runs in the Windows GUI subsystem.<BR>
DLL Characteristics: 0000<BR>
Size of Stack Reserve: 00100000<BR>
Size of Stack Commit: 00001000<BR>
Size of Heap Reserve: 00100000<BR>
Size of Heap Commit: 00001000<BR>
Loader Flags: 00000000<BR>
Size of Data Directory: 00000010<BR>
Import Directory Virtual Address: 0000a000<BR>
Import Directory Size: 00000240<BR>
<BR>
<B>Import Table</B><BR>
<BR>
Ordinal Function Name<BR>
<BR>
kernel32.dll<BR>
Ordinal Function Name<BR>
0000 Sleep<BR>
<BR>
user32.dll<BR>
Ordinal Function Name<BR>
0000 wsprintfA<BR>
<BR>
wsock32.dll<BR>
Ordinal Function Name<BR>
0000 send<BR>
<BR>
ole32.dll<BR>
Ordinal Function Name<BR>
0000 CoInitialize<BR>
<BR>
shlwapi.dll<BR>
Ordinal Function Name<BR>
0000 StrDupA<BR>
<BR>
wininet.dll<BR>
Ordinal Function Name<BR>
0000 InternetOpenA<BR>
<BR>
advapi32.dll<BR>
Ordinal Function Name<BR>
0000 RegCloseKey<BR>
<BR>
urlmon.dll<BR>
Ordinal Function Name<BR>
0000 URLDownloadToFileA<BR>
<BR>
shell32.dll<BR>
Ordinal Function Name<BR>
0000 ShellExecuteA<BR>
<BR>
gdi32.dll<BR>
Ordinal Function Name<BR>
0000 DeleteDC<BR>
<BR>
<B>Section Table</B><BR>
<BR>
Section name: UPX0<BR>
Virtual Size: 00009000<BR>
Virtual Address: 00001000<BR>
Size of raw data: 00000000<BR>
Pointer to Raw Data: 00000400<BR>
Pointer to Relocations: 00000000<BR>
Pointer to Line Numbers: 00000000<BR>
Number of Relocations: 0000<BR>
Number of Line Numbers: 0000<BR>
Characteristics: Section contains initialized data<BR>
Section is executable<BR>
Section is readable<BR>
Section is writeable<BR>
<BR>
Section name: UPX1<BR>
Virtual Size: 00000240<BR>
Virtual Address: 0000a000<BR>
Size of raw data: 00000400<BR>
Pointer to Raw Data: 00000400<BR>
Pointer to Relocations: 00000000<BR>
Pointer to Line Numbers: 00000000<BR>
Number of Relocations: 0000<BR>
Number of Line Numbers: 0000<BR>
Characteristics: Section contains initialized data<BR>
Section is readable<BR>
Section is writeable<BR>
<BR>
Section name: UPX2<BR>
Virtual Size: 00005000<BR>
Virtual Address: 0000b000<BR>
Size of raw data: 00004400<BR>
Pointer to Raw Data: 00000800<BR>
Pointer to Relocations: 00000000<BR>
Pointer to Line Numbers: 00000000<BR>
Number of Relocations: 0000<BR>
Number of Line Numbers: 0000<BR>
Characteristics: Section contains code<BR>
Section is executable<BR>
Section is readable<BR>
Section is writeable<BR>
<BR>
<B>Header Information</B><BR>
<BR>
Signature: 5a4d<BR>
Last Page Size: 0090<BR>
Total Pages in File: 0003<BR>
Relocation Items: 0000<BR>
Paragraphs in Header: 0004<BR>
Minimum Extra Paragraphs: 0000<BR>
Maximum Extra Paragraphs: ffff<BR>
Initial Stack Segment: 0000<BR>
Initial Stack Pointer: 00b8<BR>
Complemented Checksum: 0000<BR>
Initial Instruction Pointer: 0000<BR>
Initial Code Segment: 0000<BR>
Relocation Table Offset: 0040<BR>
Overlay Number: 0000<BR>
Reserved: 0000 0000 0000 0000<BR>
0000 0000 0000 0000<BR>
0000 0000 0000 0000<BR>
0000 0000 0000 0000<BR>
Offset to New Header: 000000c0<BR>
Memory Needed: 2K<BR>
</SPAN></FONT><FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'><BR>
<BR>
On 7/17/06 12:21 PM, "Mike M" &lt;mkmaxx@gmail.com&gt; wrote:<BR>
<BR>
</SPAN></FONT><BLOCKQUOTE><FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'><BR>
</SPAN></FONT><BLOCKQUOTE><FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'><BR>
Message: 11<BR>
Date: Sun, 16 Jul 2006 23:58:30 -0500<BR>
From: H D Moore &lt;<a href="mailto:fdlist@digitaloffense.net">fdlist@digitaloffense.net</a>&gt;<BR>
Subject: [Full-disclosure] Google Malware Search<BR>
To: full-disclosure@lists.grok.org.uk<BR>
Message-ID: &lt;200607162358.30574.fdlist@digitaloffense.net&gt;<BR>
Content-Type: text/plain; charset="us-ascii"<BR>
<BR>
<a href="http://metasploit.com/research/misc/mwsearch/?q=bagle">http://metasploit.com/research/misc/mwsearch/?q=bagle</a><BR>
<BR>
Enjoy,<BR>
<BR>
-HD<BR>
</SPAN></FONT></BLOCKQUOTE><FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'><BR>
<BR>
<BR>
Didn't know Google crawls scr's and com's.. Since when?<BR>
<BR>
MM<BR>
<BR>
<HR ALIGN=CENTER SIZE="3" WIDTH="95%"></SPAN></FONT><FONT SIZE="2"><FONT FACE="Monaco, Courier New"><SPAN STYLE='font-size:10.0px'>
</SPAN></FONT></FONT></BLOCKQUOTE><FONT SIZE="2"><FONT FACE="Monaco, Courier New"><SPAN STYLE='font-size:10.0px'><BR>
<BR>
</SPAN></FONT></FONT><FONT FACE="Verdana, Helvetica, Arial"><SPAN STYLE='font-size:12.0px'><BR>
==================================================<BR>
David Taylor //Sr. Information Security Specialist<BR>
University of Pennsylvania Information Security <BR>
Philadelphia PA USA<BR>
(215) 898-1236<BR>
<a href="http://www.upenn.edu/computing/security/">http://www.upenn.edu/computing/security/</a><BR>
================================================== <BR>
<BR>
<BR>
</SPAN></FONT>
</BODY>
</HTML>