I'm new to reversing code, but with the help of Google I was able to take a hidden exe named yahooautoupdater and decompile it back to its VB code. I'm not into virus writing, so I'm not positive whether this is in fact a virus. Here is a piece of the code this references. If it isn't a legitimate call for Yahoo Auto Updater, someone shoot me a PM and tell me what you think of this strange program.

I can tell that it uses the zlib compression DLL. It also taps some weird API calls, including adding itself to the firewall, impersonating a process, and hooking the kernel directly. Another piece of info on this: it was preloaded on a Windows XP Pro SP3 disc (pirated, my own fault), but it crashes the OS if I kill the process, and every time I hook it with IDA or something else it seems to delete itself. I also looked at the calls; it has enemies, proxies and zombie.getinfo, and I googled that it appears to be a virus technique. Is this a new DDoS variant? It can read current user LanManager info, etc. Does Yahoo Update need these things to work, or do we have a new virus on our hands?
http://pastebin.com/m7ad9afc0 submain
http://pastebin.com/m243793fd CC
http://pastebin.com/m2a3abe61 MDWK
http://pastebin.com/m7c0356ef CWK
http://pastebin.com/m6ce08685 IWE
http://pastebin.com/m4617bdfc CAC
http://pastebin.com/m71a39f31 mdFS
http://pastebin.com/m2e4e7bbb CTmr
http://pastebin.com/m309918b8 mdlM

Those are the decompiled segments of code directly from the running exe.

(And finally the API calls:)
http://pastebin.com/m1e3a8a28 API CALLS