[ale] palm41.dll weirdness

Jim Popovitch jimpop at yahoo.com
Sat Sep 18 09:35:31 EDT 2004


$ file palm41.dll
palm41.dll: MS Windows PE 32-bit Intel 80386 GUI DLL

$ strings palm41.dll
Vh0u
t h40
]_^[
t"UWV
u"UWV
]_^[
PALM41 Windows Dynamic Link Library
PALM41.dll
Configure41Conduit
Synchronize41Conduit
ConfigureConduit
OpenConduit
.?AVAFX_MODULE_STATE@@
.?AV_AFX_DLL_MODULE_STATE@@
.?AVCNoTrackObject@@
.?AVtype_info@@
MFC40.DLL
__CxxFrameHandler
_strdup
??2@YAPAXI@Z
_EH_prolog
MSVCRT40.dll
__dllonexit
_onexit
free
_initterm
malloc
_adjust_fdiv
??1type_info@@UAE@XZ
GetProcAddress
LocalFree
LocalAlloc
Sleep
GetVersion
GlobalFree
GlobalAlloc
KERNEL32.dll
PADDINGXXPADDINGPADD
0,0j0
1*141A1\1
273@3G3v3
3&4,42484>4D4J4P4V4\4b4h4n4t4z4
5"5(5.54595]5
5.6P6
6!70757I7M7f7p7z7
7#858^8p8
9*939=9N9a9j9t9}9
:(:1:?:D:O:[:d:q:
;*;2;8;A;L;R;
<"<P<V<\<b<h<n<t<z<
0 0$0(0,0004080<0@0D0H0L0P0T0X0\0`0d0h0l0p0t0x0|0
1,1014181@1X1p1
2$202L2X2t2
3 3<3H3d3p3
4 4<4
0@0H0h0


It looks harmless, it's just that I don't run Windows, and haven't on
this system in quite some time.  I know for sure that the file just
appeared yesterday, and almost certain that it arrived via Evolution....
just not sure how.

-Jim P.

On Sat, 2004-09-18 at 07:38, Geoffrey wrote:
> Jim Popovitch wrote:
> > palm41.dll weirdness:
> > 
> > Today, after downloading lots of email, via Evolution, to my Linux ONLY
> > laptop, I noticed the file palm41.dll in my home directory.  This file
> > was plainly not here earlier today.  This is a pretty fresh and patched
> > RHEL 3.0 WS install, and up2date as well.  This file did NOT exist
> > earlier today as I was doing a lot of work in my home directory (totally
> > off net).  
> > 
> > $ ls -al palm41.dll
> > -rw-rw-r--    1 jimpop   jimpop      12288 Mar 13  2003 palm41.dll
> > 
> > 
> > I'm wondering if there is something fishy going on here..... any ideas?
> 
> Memory that fades around a year and a half later? :)
> 
> Run strings on it and see if anything jumps out at you.  Scan it for 
> viri.  What does 'file' say about it?
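
Added example, not part of the original thread: the date that `ls -al` prints is the file's mtime, which any program can set, while ctime (last inode change) cannot be set by ordinary tools and is never older than the file's arrival on this filesystem. The sketch assumes GNU coreutils `stat`; the function names and the 30-day threshold are hypothetical, and the sample file is constructed.

```shell
#!/bin/sh
# Triage helper for a file that "just appeared" but carries an old date.
# Assumes GNU coreutils (stat -c). All names below are illustrative.

# ctime_gap FILE -> whole days by which ctime is newer than mtime
ctime_gap() {
    mtime=$(stat -c %Y -- "$1") || return 1   # seconds since epoch, as shown by ls -l
    ctime=$(stat -c %Z -- "$1") || return 1   # last inode change on this filesystem
    echo $(( (ctime - mtime) / 86400 ))
}

# arrived_recently FILE [DAYS] -> true when mtime predates ctime by more than
# DAYS (default 30), i.e. the visible date was carried over from elsewhere or
# the inode was changed long after the content was last written.
arrived_recently() {
    gap=$(ctime_gap "$1") || return 2
    [ "$gap" -gt "${2:-30}" ]
}

# triage FILE -> record type, hash and both timestamps before touching the file
triage() {
    file -- "$1"
    sha256sum -- "$1"
    stat -c 'mtime=%y  ctime=%z  owner=%U  size=%s' -- "$1"
    if arrived_recently "$1"; then
        echo "NOTE: mtime is $(ctime_gap "$1") days older than ctime"
    fi
}

# make_sample -> path of a constructed 12288-byte file whose mtime is forced
# back to 2003-03-13, mimicking the listing in the post (ctime stays "now").
make_sample() {
    f=$(mktemp) || return 1
    head -c 12288 /dev/zero > "$f"
    touch -m -t 200303130000 "$f"
    echo "$f"
}

# Usage: sh triage.sh palm41.dll
if [ "$#" -gt 0 ]; then
    triage "$1"
fi
```

A large gap is consistent with a file written locally with a preserved timestamp, but a later chmod or rename of a genuinely old file produces the same gap, so treat it as a lead rather than proof.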


