[Dailydave] Times up!
dennis at backtrace.de
dennis at backtrace.de
Fri Oct 24 10:36:06 EDT 2008
>
> That said, it won't take much for someone to write self-replicating code
> exploiting this vulnerability.
I can now confirm what has been stated on the ThreatExpert blog. I
found shellcode at
file offset 0x4712A (or address 0x1004712A in IDA). Simple "sub 1"
payload decoder,
imports urlmon/UrlDownloadToFileA and WinExec to download a copy of
the Trojan.
MD5 of basesvc.dll: 82ba009746da8603c463f37e381a42a4
Cheers
More information about the Dailydave
mailing list