
SANS ISC: Winners of Bonus Points from Yesterday’s FTBM - Internet Security | DShield SANS ISC InfoSec Forums


Winners of Bonus Points from Yesterday’s FTBM

Yesterday, Tom Liston posted his latest Follow the Bouncing Malware.  In it, he posed a question for extra credit, namely:

"Those of you with taped, horn-rimmed glasses who were in the AV club in Jr. High will note that the numbers assigned to o(0) look strangely familiar.  [They were 4d5a] They're the hex equivalents of the "magic values" that begin every program on the PC (extra-credit: anyone know what they stand for?)."

We had several readers point out the answer, but the first was Frank Knobbe:

"Actually, it is every MSDOS program. Every Portable Executable (PE) file starts with a header. The first two bytes is a 'magic' that identifies the file as an MSDOS executable. The magic is 0x5A4D which is MZ in ASCII. MZ are the initials of Mark Zbikowski, one of the original architects of MS-DOS. :)"

Tom described this as the ultimate in vanity-license-plate equivalents for geeks.  Indeed it is.  And, I might point out that the file encryption solution built into modern Windows systems is called...

Signing out...

Edward Frank Skoudis

Intelguardians, www.intelguardians.com
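
The relationship between the on-disk bytes 4d 5a and the word 0x5A4D in the answer above, as an added Python example that is not part of the original diary. It goes one step beyond the quote by following the DOS header's e_lfanew field at offset 0x3C to tell a plain MS-DOS executable from a PE file; the function names and sample buffers are constructed for illustration.

```python
import struct

MZ_BYTES = b"MZ"          # 0x4d 0x5a, the order the bytes appear on disk
E_LFANEW_OFFSET = 0x3C    # DOS header field holding the offset of the PE header
DOS_HEADER_SIZE = 0x40    # size of the DOS header in bytes


def magic_word(data: bytes) -> int:
    """Read the first two bytes as a little-endian 16-bit word (e_magic)."""
    return struct.unpack_from("<H", data, 0)[0]


def classify(data: bytes) -> str:
    """Return 'not-mz', 'dos-mz' or 'pe' for a buffer."""
    # Bytes 4d 5a read little-endian give the word 0x5A4D.
    if len(data) < 2 or magic_word(data) != 0x5A4D:
        return "not-mz"
    if len(data) < DOS_HEADER_SIZE:
        return "dos-mz"
    (e_lfanew,) = struct.unpack_from("<I", data, E_LFANEW_OFFSET)
    # Bounds-check the offset before using it: it comes from the file itself.
    if e_lfanew + 4 > len(data):
        return "dos-mz"
    if data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
        return "pe"
    return "dos-mz"


def build_sample(pe: bool) -> bytes:
    """Constructed sample: a zeroed 64-byte DOS header, optional PE signature."""
    header = bytearray(DOS_HEADER_SIZE)
    header[0:2] = MZ_BYTES
    struct.pack_into("<I", header, E_LFANEW_OFFSET, DOS_HEADER_SIZE)
    return bytes(header) + (b"PE\0\0" if pe else b"")


if __name__ == "__main__":
    print(hex(magic_word(bytes.fromhex("4d5a"))))
    for name, buf in [("dos", build_sample(False)), ("pe", build_sample(True))]:
        print(name, classify(buf))
```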
