what does this exe do?
Fluke87
04-25-2003, 01:35 AM
I have come across a small exe (14kb) and I would like to know what it does. I am pretty sure it is some type of mIRC ddos bot.
Is there any way to monitor what it is doing or decompile it to some language I might understand? When I ran it from cmd it fired up wininet32.dll and tried to make it connect to a mIRC server. I know this much because my firewall went off after I ran it. Any ideas on how to find out what all this will do?
DocEvi1
04-25-2003, 06:51 AM
Hmm, it would be handy to know the filename. Put it into Google and see what comes up as well.
Stefan
Fluke87
04-25-2003, 01:51 PM
The filename is regn.exe. This is not an exe that you can just download from a software site; someone made this for their own personal use and maybe a few close friends. There has to be a way to edit or decompile it so I can see exactly what it is.
DocEvi1
04-25-2003, 05:55 PM
http://www.laer-it.dk/programr/regneark.htm
Strange that it is listed twice in Google :rolleyes: Shame I can't read either of the languages :(
Stefan
Fluke87
04-26-2003, 02:33 AM
I am pretty sure that the program they're talking about on that page is not what I have. They're talking about DEMO: Kombi-regn. I'm talking about a program that, when run, won't show up in processes but is still running in the background. It calls on several DLLs to connect out and do what, I don't know (I didn't let it get that far). I just want to know of an editor where I can see basically what it does, or a way to decompile it. Someone has to know.
DocEvi1
04-26-2003, 05:37 AM
That's the thing: there isn't a program that will allow you to decompile the .exe, or at least not one I know of.
Check "Resource Hacker" and "hackman" (search Google). They are similar programs: Resource Hacker pulls any icons, strings and whatnot from DLLs and EXEs, and hackman can display the program's hex.
Stefan
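A way to do the string-pulling step from the post above without running the file (an added example, not from the thread or from any tool named in it): the script extracts ASCII and UTF-16LE strings and flags those that suggest IRC or network use. The indicator patterns, function names and the SAMPLE bytes are assumptions constructed for illustration.

```python
import re
import sys

# Illustrative indicator patterns (assumed for this example, not exhaustive).
INDICATORS = {
    "irc": re.compile(r"\b(PRIVMSG|NICK|JOIN|PING|PONG)\b"),
    "network_dll": re.compile(r"\b(wininet\w*|wsock32|ws2_32)(\.dll)?\b", re.I),
    "host_port": re.compile(r"\b[\w.-]+\.[a-z]{2,}:\d{2,5}\b", re.I),
}

def extract_strings(data, min_len=4):
    """Return printable ASCII and UTF-16LE strings of at least min_len chars."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in wide_re.finditer(data)]
    return found

def triage(data):
    """Classify the strings in a file's bytes; the file is never executed."""
    report = {"looks_like_exe": data[:2] == b"MZ"}  # DOS/PE magic bytes
    strings = extract_strings(data)
    for name, pattern in INDICATORS.items():
        report[name] = sorted({s for s in strings if pattern.search(s)})
    return report

# Constructed sample bytes standing in for a suspicious file (not a real binary).
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"wininet.dll\x00" + b"\x01\x02"
    + b"NICK bot123\x00JOIN #chan\x00" + b"\xff\xfe"
    + "irc.example.net:6667".encode("utf-16-le") + b"\x00\x00"
)

if __name__ == "__main__":
    # Pass a path to inspect a real file; it is only read, never run.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for key, value in triage(data).items():
        print(key, value)
```

If the file is packed or its strings are obfuscated, few indicators will appear, so an empty report does not mean the file is harmless.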
CoralMan
04-29-2003, 01:55 AM
You can run the program through a debugger, and then see exactly what it does, at the machine code level, though. The simplest, IMO, would be to use W32Dasm, which is a disassembler, but has additional debugging capabilities. Or maybe there are some better ones now, because it's a long time since I renewed my assembly tools.