Reverse assemble code on Linux (or even MacOS X?)
Hi everyone,
I just got what I think is a Windows-based worm or spyware in one of my email inboxes. It was an otherwise blank message with a ZIP file attached. I uncompressed the ZIP file and it contains a .exe file. Since the system I received this message on is a Mac (running OS X), this was all fairly safe. I would like to transfer this file to one of my Linux systems and try to reverse-assemble the file. I'm curious as to what it is trying to do. I took classes in Assembly a long time ago, and haven't used it very much since then. This is more of an exercise than anything.
I know I could probably transfer the file to my one Windows system and use DEBUG to see what it's doing, but that's just tempting fate, and wouldn't be too bright on my part.
So, I was wondering if Linux had any tools to reverse-assemble code. I tried looking on Google and all I get are EULAs telling me not to reverse assemble the programs people are trying to sell. When I try to filter those out, I get a smattering of results ranging from reverse DNS to resumes of people who assemble computer systems for a living, along with still a few EULAs in languages other than English. But I don't get anything helpful. I would also consider a tool for MacOS X that understands x86 opcodes.
Thanks!
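An added example, not part of the original post or any reply: before reaching for a disassembler, a practitioner would first confirm the attachment really is a PE image and find where the entry point lives in the file, all without executing it. The script below does that first static step in Python on Linux or OS X. It walks the DOS header, PE signature, COFF header, optional header and section table, maps the entry point RVA to a file offset, and builds a GNU objdump command line (real binutils flags: `-b binary`, `-m i386`, `-M intel`, `--adjust-vma`, `--start-address`, `--stop-address`) that disassembles the bytes at the entry point even when the local binutils was built without a PE target. All function names are this example's own, and the sample image it builds for testing is a constructed minimal PE32, not any real worm.

```python
# Static first look at a Windows PE on Linux/OS X: headers, sections, entry point.
# Nothing here loads or runs the file; it only reads bytes. Names are this example's own.
import struct
import sys

# IMAGE_FILE_MACHINE values from the PE/COFF specification
MACHINE_NAMES = {0x014C: "i386", 0x8664: "x86-64", 0x01C0: "ARM", 0xAA64: "ARM64"}


def parse_pe(data: bytes) -> dict:
    """Walk DOS stub -> PE signature -> COFF header -> optional header -> section table.
    Raises ValueError if the bytes are not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = pe_off + 4
    machine, nsec, _ts, _symp, _nsym, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)    # AddressOfEntryPoint
    if magic == 0x10B:                                          # PE32
        (image_base,) = struct.unpack_from("<I", data, opt + 28)
    elif magic == 0x20B:                                        # PE32+
        (image_base,) = struct.unpack_from("<Q", data, opt + 24)
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    sections, pos = [], opt + opt_size
    for _ in range(nsec):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, pos)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "raw_ptr": raw_ptr, "raw_size": raw_size})
        pos += 40
    return {"machine": MACHINE_NAMES.get(machine, f"{machine:#06x}"),
            "pe32plus": magic == 0x20B, "is_dll": bool(chars & 0x2000),
            "entry_rva": entry_rva, "image_base": image_base, "sections": sections}


def is_pe(data: bytes) -> bool:
    """True if parse_pe accepts the bytes; a truncated header counts as not-PE."""
    try:
        parse_pe(data)
        return True
    except (ValueError, struct.error):
        return False


def section_for_rva(pe: dict, rva: int):
    """Section whose virtual range covers rva, or None."""
    for s in pe["sections"]:
        if s["va"] <= rva < s["va"] + max(s["vsize"], s["raw_size"]):
            return s
    return None


def rva_to_offset(pe: dict, rva: int):
    """File offset backing rva, or None when it lies in virtual-only space
    (zero-filled .data/.bss beyond SizeOfRawData has no bytes in the file)."""
    s = section_for_rva(pe, rva)
    if s is None or rva - s["va"] >= s["raw_size"]:
        return None
    return s["raw_ptr"] + (rva - s["va"])


def entry_bytes(data: bytes, pe: dict, n: int) -> bytes:
    off = rva_to_offset(pe, pe["entry_rva"])
    return b"" if off is None else data[off:off + n]


def objdump_command(path: str, pe: dict, length: int = 0x40) -> list:
    """objdump invocation for `length` bytes at the entry point via the raw-binary
    backend. --adjust-vma is chosen so printed addresses equal the mapped VAs."""
    s = section_for_rva(pe, pe["entry_rva"])
    if s is None or rva_to_offset(pe, pe["entry_rva"]) is None:
        raise ValueError("entry point is not backed by file data")
    vma = pe["image_base"] + pe["entry_rva"]
    adjust = pe["image_base"] + s["va"] - s["raw_ptr"]
    arch = "i386:x86-64" if pe["pe32plus"] else "i386"
    return ["objdump", "-D", "-b", "binary", "-m", arch, "-M", "intel",
            f"--adjust-vma={adjust:#x}", f"--start-address={vma:#x}",
            f"--stop-address={vma + length:#x}", path]


def build_sample_pe() -> bytes:
    """Constructed minimal PE32/i386 image for testing (not any real sample)."""
    img = bytearray(0x600)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                     # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    coff, opt = 0x44, 0x58
    # machine i386, 2 sections, 224-byte optional header, EXECUTABLE_IMAGE|32BIT_MACHINE
    struct.pack_into("<HHIIIHH", img, coff, 0x014C, 2, 0, 0, 0, 224, 0x0102)
    struct.pack_into("<H", img, opt, 0x10B)                     # PE32 magic
    struct.pack_into("<I", img, opt + 16, 0x1010)               # entry RVA
    struct.pack_into("<I", img, opt + 28, 0x400000)             # ImageBase
    sec = opt + 224
    struct.pack_into("<8sIIII", img, sec, b".text", 0x100, 0x1000, 0x200, 0x200)
    struct.pack_into("<8sIIII", img, sec + 40, b".data", 0x3000, 0x2000, 0x200, 0x400)
    # bytes at the entry point: push ebp; mov ebp,esp; xor eax,eax; pop ebp; ret
    img[0x210:0x217] = bytes.fromhex("558bec31c05dc3")
    return bytes(img)


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "sample.exe"
    raw = open(path, "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    info = parse_pe(raw)
    print(f"{info['machine']} {'PE32+' if info['pe32plus'] else 'PE32'} "
          f"{'DLL' if info['is_dll'] else 'EXE'} entry RVA {info['entry_rva']:#x}")
    for s in info["sections"]:
        print(f"  {s['name']:<8} va={s['va']:#08x} raw@{s['raw_ptr']:#08x} size={s['raw_size']:#x}")
    print("entry bytes:", entry_bytes(raw, info, 16).hex())
    print(" ".join(objdump_command(path, info)))
```

Run it as `python3 pe_peek.py suspect.exe` (with no argument it uses the built-in sample). The printed objdump line is the piece to paste into a shell; `-b binary` treats the file as a flat blob, so it works with whatever binutils is installed, while a binutils built with the `pei-i386` target will also accept plain `objdump -d suspect.exe`. Two caveats worth knowing before trusting what comes out: the entry point of a packed or self-modifying sample is usually a small unpacking stub rather than the real payload, and an RVA that maps to None here is data the loader would zero-fill at run time, so there is nothing in the file to disassemble at that address.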