replica
June 11th, 2009, 08:14
http://www.phreedom.org/solar/code/tinype/tiny.webdav.133/tiny.exe
Well its very old hardcoded PE file ... but interesting thing that it bypasses some of best firewalls due to Svchost.exe default settings...
And now the phun part.. I tried to open it in olly (reflex) ... it get executed on even higher priv. (SYSTEM)... (silent execute)
Someone explain me what a heck is going on ?
Well its very old hardcoded PE file ... but interesting thing that it bypasses some of best firewalls due to Svchost.exe default settings...
And now the phun part.. I tried to open it in olly (reflex) ... it get executed on even higher priv. (SYSTEM)... (silent execute)
Someone explain me what a heck is going on ?
