Thanks Carv!

I'll run your Perl script against the executables soon and let you know if I find anything interesting. I'm going to package the "suspicious" files together for those of you who have mentioned willingness to take a look. I'll probably use a Blowfish self-decrypting archive for this purpose.

Mark

-----Original Message-----
From: H C [mailto:keydet89at_private]
Sent: Monday, January 20, 2003 6:28 AM
To: forensicsat_private
Subject: re: MD5 Exploit Database?

<snip>

I'd like to suggest something...that you not only MD5 these files, but also generate a SHA-1 hash for each. Also, you can perform other analysis/queries on the files, such as attempting to derive vendor information from executables, as w/ finfo.pl (http://patriot.net/~carvdawg/perl.html).

Given compression and packing routines available, it's unlikely that you'll find any sort of comprehensive database of MD5 hashes.

If you're looking for assistance, or just want another set of eyes on the files, I'd be willing to take a look at them.

<snip>

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
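Added example, not part of the original messages and not finfo.pl: a Python sketch of the triage suggested in the quoted message above (MD5 plus SHA-1 per file, and a vendor string read from the executable), which also shows why a packed copy of a known file misses a hash database. The sample bytes, the zlib stand-in for a packer, the raw-byte search heuristic, and the names dual_hash, version_string and triage are assumptions made for illustration.

```python
import hashlib
import zlib

def dual_hash(data: bytes) -> dict:
    """Hash the same bytes with both MD5 and SHA-1, as suggested in the thread."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha1": hashlib.sha1(data).hexdigest()}

def version_string(data: bytes, key: str = "CompanyName"):
    """Heuristic (assumption, not finfo.pl's method): locate a UTF-16LE
    version-resource key in the raw bytes and return the value after it."""
    needle = (key + "\0").encode("utf-16-le")
    pos = data.find(needle)
    if pos < 0:
        return None
    pos += len(needle)
    while data[pos:pos + 2] == b"\0\0":      # skip alignment padding
        pos += 2
    end = pos
    while end + 1 < len(data) and data[end:end + 2] != b"\0\0":
        end += 2
    return data[pos:end].decode("utf-16-le", errors="replace") or None

def triage(data: bytes, known_md5: set) -> dict:
    """One record per file: both hashes, vendor string, and hash-set hit."""
    rec = dual_hash(data)
    rec["vendor"] = version_string(data)
    rec["known"] = rec["md5"] in known_md5
    return rec

# Constructed sample, not a real executable: "MZ" stub, a version-resource
# style key/value pair, and filler bytes standing in for code.
SAMPLE = (b"MZ" + b"\0" * 62
          + "CompanyName\0".encode("utf-16-le") + b"\0\0"
          + "Example Corp\0".encode("utf-16-le")
          + b"\x90" * 256)
# Constructed stand-in for a packed copy: same content, zlib-compressed.
PACKED = b"MZ" + zlib.compress(SAMPLE)
KNOWN_MD5 = {hashlib.md5(SAMPLE).hexdigest()}   # hypothetical hash database

if __name__ == "__main__":
    for name, blob in (("sample.exe", SAMPLE), ("sample_packed.exe", PACKED)):
        print(name, triage(blob, KNOWN_MD5))
```

The packed copy carries the same content but yields different MD5 and SHA-1 values and no readable vendor string, so both the hash lookup and the string query come back empty for it.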
This archive was generated by hypermail 2b30 : Thu Jan 23 2003 - 03:22:11 PST