@Fyyre
they don't like my old Delphi :)
Ring0 - the source of inspiration
A forum for reverse engineering, OS internals and malware analysis
rkhunter wrote:
ESET and Avira failed on files with only execute permission.

perhaps I read wrong, but Avira is under
http://www.securityfocus.com/archive/1/ ... 0/threaded
markusg wrote:
You are correct, not Avira.
rkhunter wrote:
ESET and Avira failed on files with only execute permission.
perhaps I read wrong, but Avira is under
http://www.securityfocus.com/archive/1/ ... 0/threaded
Non-vulnerable applications:
t[36].php is a Win32 executable with such fantastic payload inside.

MsgBox(0x0, "Hello World", "Hello World")

File name: t[36].php
Submission date: 2011-11-27 03:17:09 (UTC)
Current status: finished
Result: 1/ 43 (2.3%)
SUPERAntiSpyware 4.40.0.1006 2011.11.26 Trojan.Dropper/Gen-PHP
.text:00401000                 public start
.text:00401000 start           proc near
.text:00401000                 push    0               ; uExitCode
.text:00401002                 call    ds:ExitProcess
.text:00401002 start           endp

00401040 >/$  6A 00         PUSH 0
00401042  |.  0000          ADD BYTE PTR DS:[EAX],AL
00401044  |.  005B 81       ADD BYTE PTR DS:[EBX-7F],BL
00401047  \.  C3            RETN
00401048      9B            DB 9B
00401049      02            DB 02
0040104A      00            DB 00
0040104B      00            DB 00
0040104C      53            DB 53                                    ;  CHAR 'S'
0040104D      F3            DB F3
0040104E   .  C3            RETN
0040104F   .  15 08104000   ADC EAX,<&USER32.MessageBoxW>
00401054   .  6A 00         PUSH 0                                   ; /ExitCode = 0
00401056   .  FF15 00104000 CALL DWORD PTR DS:[<&KERNEL32.ExitProces>; \ExitProcess
0040105C   .  C3            RETN
0040105D      90            NOP
0040105E      90            NOP
0040105F      90            NOP