[Full-Disclosure] Depacting Sasser

Hi,

Looking for some help. I have sucessfull depacted Blaster, that was easy, just UPX decompaction. On my way to disassembling it.

I Depacted Gaobot using unpack32 a number of times to, deyoda it, then DePEComapct it must be older codec JCALC1 algorithm.

But cannot depact/decrypt Sasser I know it is compacted with PECompact, probably it newer algorithm FFCE codec.

I can grab a memory image of it but would really like a tool to depack/decrypt it.

So is there anything that will reverse code the newer PECompacts algorithm ?

Hope you can help,

Aaron

Sorry I do not normally trade virii, they are generally availiable on the web given a bit of searching.
I would trade for a depacted Sasser however.

I am purly studying the things for study only.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Sun Aug 08 14:33:01 2004