
cjeremy's blog

Storm Worm Config file parser


I have written a small Perl script that will extract the IP addresses and port numbers from the Storm Worm configuration file. Right now this file can be found on an infected machine in the C:\windows directory and is currently named "aromis.config". This is a fairly simple script to run, and it contains the ability to parse multiple files, as it accepts wildcard characters "*" and/or multiple filenames. If you're interested, here is a link to it: storm_config_decoder_pl. Feel free to contact me if you have any questions or comments.
