I've been seeing these articles about the Korean MBR wiper malware everywhere. Typical of these articles in this one on Wired, which states:
Contained within that file was a hex string (4DAD4678) indicating the date and time the attack was to begin—March 20, 2013 at 2pm local time (2013-3-20 14:00:00).
My problem: 0x4DAD4678 equals 1303201400 decimal. That value gives me a date of :
Tue, 19 Apr 2011 04:23:20
Which is the date Skynet went online.
Nice touch. I like that. No coincidence there.
For "March 20, 2013 2pm KST" (assuming Korean Standard Time is "local time" in Korea), I get a decimal value of 1363755600 or 0x51494250 hex.
All these articles make the same claim.
Am I doing it wrong?
It is not a second epoch.
ReplyDelete> 0x4DAD4678 equals 1303201400 decimal.
1303201400
'13/03/20 14:00
'yy/mm/dd hh:mm
thank you for your proxy list , i would appreciate it if you can indicate the proxy type int the list (socks 4/5 etc.) and more appreciated if you can make them into a txt file .
ReplyDelete