Here is the entry for the sober worm variant a.
I really need to get more standard about this information.
I have attached flowgraphs, ida database, disassembly, packed and unpacked
versions, unpacked strings, etc.
Event: Threat Found!
Date found: Monday, December 12, 2005 11:29:39 PM
Scanning -> C:\malware\sober\win_sober_a.exe
File Type : Exe, Size : 63765 (0F915h) Bytes
-> File has 277 (0115h) bytes of appended data starting at offset 0F800h
[!] UPX [unknown / modified] !
UPX 0.89.6 - 1.02 / 1.05 - 1.24 -> Markus & Laszlo [Overlay]
info: 237568 Dec 12 23:27 unpacked_win_sober_a.exe
info: 3201157 Dec 12 23:29 unpacked_win_sober_a.exe_disas.txt
md5sum: dddae6fd395ceb7c33173f510ea39aaa unpacked_win_sober_a.exe
md5sum: 6571426131a017323521b088c24542d7 win_sober_a.exe
sha1sum: 14cc7eb552752d772b82725d23c560744fa2f16e unpacked_win_sober_a.exe
sha1sum: 14ea6209c289ff093aafa274a5d1a3e1cb8a2d0d win_sober_a.exe