Thread: mini-worm?

  1. #1
    Junior Member
    Join Date
    Jan 2002
    Posts
    25

    mini-worm?

    I recently received an email from someone that I do not know.

    There was an attachment named "if you.pif"

    The subject of the email was The Garden Of Eden.

    I tried scanning the attachment with PC-cillin
    which did not show any virus.

    I then saved this attachment to my HD and tried
    to rescan it. PC-cillin reports that it cannot find
    the file.

    I then renamed the file to "you", I could open this file
    with PC-cillin or notepad.

    I ftp'd the file to a linux machine on my LAN and opened
    it with emacs.

    This just shows a bunch of @^e@@@½!@# stuff

    Upon closer inspection I saw some snippets of plain text:
    Microsoft Visual C++ Runtime Library
    GetLastActivePopup
    GetActiveWindow
    Messagebox
    user32.dll

    Scrolling down a little further shows:
    HELO <-- please note that this is an SMTP command
    MAIL FROM: <-- another SMTP command
    RCPT TO: <-- yet another

    This .pif file is connecting to a prodigy.net SMTP server:
    pimout1-ext.prodigy.net with a return address of
    <foreverart@sbcglobal.net>

    Visiting www.sbcglobal.net redirects to sbcglobal.prodigy.net
    I am assuming that sbcglobal is just an innocent victim here.

    I would like to decompile this .pif file if at all possible
    in the hopes of maybe locating the origin of this mini-worm.

    So could someone please point me in the right direction of
    a decompiler that will show this file in its original form.

    Thank You
    --
    "UNIX is basically a simple operating system, but you have to be a genius to understand the simplicity."
    Dennis Ritchie.
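
Added example (not part of the original post): the static triage the post does by hand in emacs, as a Python sketch that checks whether a `.pif` attachment is really a Windows PE executable and pulls out printable strings such as SMTP commands and DLL names, without running the file. The function names, the indicator list and the sample bytes are constructed for illustration.

```python
import re

# SMTP commands treated as indicators (assumed list, based on what the post found).
SMTP_VERBS = ("HELO", "EHLO", "MAIL FROM:", "RCPT TO:")

def is_pe(data: bytes) -> bool:
    """True if data starts with 'MZ' and e_lfanew (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    off = int.from_bytes(data[0x3C:0x40], "little")
    return data[off:off + 4] == b"PE\x00\x00"

def ascii_strings(data: bytes, min_len: int = 4) -> list:
    """Runs of printable ASCII, like the Unix `strings` tool."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]

def triage(filename: str, data: bytes) -> dict:
    strings = ascii_strings(data)
    # startswith keeps "HELO" from matching inside unrelated longer strings.
    verbs = [v for v in SMTP_VERBS if any(s.startswith(v) for s in strings)]
    dlls = sorted({s.lower() for s in strings if re.fullmatch(r"[\w.-]+\.dll", s, re.I)})
    pe = is_pe(data)
    greeting = "HELO" in verbs or "EHLO" in verbs
    return {
        "is_pe": pe,
        # Windows launches a PE file named *.pif as a program.
        "pe_behind_pif": pe and filename.lower().endswith(".pif"),
        "smtp_verbs": verbs,
        "dlls": dlls,
        # An executable carrying its own SMTP dialogue can send mail by itself.
        "own_smtp_client": pe and greeting and "MAIL FROM:" in verbs and "RCPT TO:" in verbs,
    }

def build_sample() -> bytes:
    """Constructed stand-in for the attachment: minimal MZ/PE stub plus strings."""
    header = b"MZ" + b"\x00" * 0x3A + (0x40).to_bytes(4, "little")
    junk = b"PE\x00\x00" + b"\x90\x01\xff" * 8
    texts = [b"user32.dll", b"GetActiveWindow", b"HELO ", b"MAIL FROM: <", b"RCPT TO: <"]
    return header + junk + b"\x00".join(texts) + b"\x00"

if __name__ == "__main__":
    for key, value in triage("if you.pif", build_sample()).items():
        print(f"{key}: {value}")
```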

  2. #2
    Senior Member
    Join Date
    Feb 2002
    Posts
    253
    Post Withdrawn.
