Dustin wrote on 8/7/2014:
> "Ant" wrote in
> news:cMSdnSFuYKG3Wn_OnZ2dnUVZ7oadnZ2d@brightview.co.uk:
[...]
>> If nit-picking is important then you should know the difference between
>> files and other objects.
>>
>> Actually, this malware lives in the registry, the registry is contained
>> in a set of files but it's not helpful to think of the malware as a
>> file. It's not hiding from the OS or a knowledgeable user who knows about
>> registry autorun keys.
>
> An awful set of files that make up the registry hive, yes. :) It's a proof
> of concept... but, the idea was discussed a long long time ago. I found it
> quite interesting to see that the executable program section actually has a
> complete? MZ/PE header in the front...
>
> Must admit, it's a cute trick with the extended ASCII to hide its presence
> from the typical user. :)

Sounds almost familiar. :)
Was the encoding of the script with screnc.exe or equivalent actually
necessary?
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)