[ale] Need a simple perl (etc.) program, but I don't speak perl
Greg Freemyer
greg.freemyer at gmail.com
Thu Jun 3 12:19:58 EDT 2010
James,
I'm sure that worked because I see some interesting strings after the decode.
But how do I save that binary back out to a file?
Greg
On Thu, Jun 3, 2010 at 12:03 PM, James Sumners <james.sumners at gmail.com> wrote:
> Just paste the text into the field at
> http://ostermiller.org/calc/encode.html and click "Hex Decode". You'll
> quickly see what this thing does.
>
>
> On Thu, Jun 3, 2010 at 10:58 AM, Greg Freemyer <greg.freemyer at gmail.com> wrote:
>> All,
>>
>> I'm looking at an intrusion and found the attached very suspicious
>> html file (I added a .bin extension so it would not be associated with a
>> browser etc.).
>>
>> Anyway, within it there is a string (see below) that I think is the
>> hex expression (see below) of malware that I need converted to binary.
>> Can someone help me out with a perl script to convert. Or even
>> better, convert it to binary and seal it up in a password protected
>> zip file. Use "infected" as the password. Thanks, Greg
>>
>> == Potential malware representation
>
>
> --
> James Sumners
> http://james.roomfullofmirrors.com/
>
> "All governments suffer a recurring problem: Power attracts
> pathological personalities. It is not that power corrupts but that it
> is magnetic to the corruptible. Such people have a tendency to become
> drunk on violence, a condition to which they are quickly addicted."
>
> Missionaria Protectiva, Text QIV (decto)
> CH:D 59
>
--
Greg Freemyer
Head of EDD Tape Extraction and Processing team
Litigation Triage Solutions Specialist
http://www.linkedin.com/in/gregfreemyer
CNN/TruTV Aired Forensic Imaging Demo -
http://insession.blogs.cnn.com/2010/03/23/how-computer-evidence-gets-retrieved/
The Norcross Group
The Intersection of Evidence & Technology
http://www.norcrossgroup.com
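
The conversion asked about in this thread, hex text to a binary file on disk, as an added example that is not part of the original messages. The hex string itself is not shown in the archive, so the accepted separators (whitespace, `%`, `\x`, `0x`, commas) and the function names are assumptions, and the sample input is constructed and harmless.

```python
import hashlib
import os
import re
import tempfile

# Separators that often sit between hex byte pairs in embedded strings.
# Assumed formats; the original string is not available on this page.
_SEPARATORS = re.compile(r"\\x|0x|[%\s,;:]", re.IGNORECASE)


def hex_to_bytes(text):
    """Decode a hex string to raw bytes; raise ValueError on bad input."""
    cleaned = _SEPARATORS.sub("", text)
    if not cleaned:
        raise ValueError("no hex digits found")
    if len(cleaned) % 2:
        raise ValueError("odd number of hex digits; string truncated or mis-copied")
    bad = re.search(r"[^0-9a-fA-F]", cleaned)
    if bad:
        raise ValueError(f"non-hex character {bad.group()!r} at offset {bad.start()}")
    return bytes.fromhex(cleaned)


def save_decoded(text, out_path):
    """Write decoded bytes to out_path (never executed); return (size, sha256)."""
    data = hex_to_bytes(text)
    # Mode "xb" refuses to overwrite, so an earlier evidence file is preserved.
    with open(out_path, "xb") as fh:
        fh.write(data)
    os.chmod(out_path, 0o400)  # read-only, no execute bit
    # The hash lets the sample be referenced and compared without reopening it.
    return len(data), hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    sample = "48 65 6c 6c 6f %2c \\x20 0x77 6f726c64"  # constructed input
    out = os.path.join(tempfile.mkdtemp(), "decoded.bin")
    size, digest = save_decoded(sample, out)
    print(out, size, digest)
```

A decode that fails with "odd number of hex digits" usually means part of the string was lost when copying it out of the HTML file.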