Posted: Sun Jan 13, 2008 7:21 am Post subject: Strange File
I would like to inspect a trojan. I found an unusual exe file on my home computer. However, I have formatted my home PC and reinstalled Windows. But I kept the .exe; I would like to test the exe in VMware to see what exactly it does. What would you recommend to sniff the traffic and see what that is all about?
Joined: 19 Sep 2003 Posts: 5 Location: The Netherlands
Posted: Thu Jan 17, 2008 8:33 am Post subject:
Why don't you upload it to virusscan.jotti.org or www.virustotal.com?
It should be much faster than analyzing the file yourself (and less risky).
Once you know what it is you might find some information on the net on how to remove it.
Joined: 21 Jan 2008 Posts: 0 Location: Chicago, IL
Posted: Mon Jan 21, 2008 10:07 pm Post subject:
Do some heavy amounts of research before messing around with malware samples. I agree with lepricaun; I recommend uploading it to SunBelt Sandbox [ http://research.sunbelt-software.com/Submit.aspx ]. It gives you a detailed log of what the file tries to do, so you don't have to go through the trouble.
However, if you are interested in some more advanced malware analysis, here are a few links to some advanced tools that will be helpful:
You may also wish to take a look at a piece of software called InCtrl5. It basically allows you to specify an executable to launch and will track changes to the registry, system drives, ini files, and any text file changes.
Do note that oftentimes a trojan might not actually start trying to run commands from your PC but will wait for commands from a central location. As such, network activity might be lacking from the get-go.
I also advise you to run malware within a virtual environment to prevent any system damage. Unfortunately though, some malware detects when it is being run within a virtual machine and will not activate to prevent analysis.
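As an added illustration of the baseline-and-diff approach the reply above describes for InCtrl5 (this is example code written for this thread, not InCtrl5's own code and not anything from the original posters), the following Python snapshots the file hashes under a directory before a sample is run and again afterwards, then reports what was added, removed or modified. The directory layout and the "activity" between the two snapshots are constructed inside the script so it runs offline; in a real analysis VM you would point `snapshot()` at the drives you care about and run the sample in between.

```python
"""Baseline-and-diff file change tracker in the spirit of InCtrl5.

Added example for this thread; not InCtrl5's code. Takes a snapshot of every
regular file under a root (size + SHA-256), lets something run, takes a second
snapshot, and classifies the differences. Registry tracking would follow the
same pattern with winreg on Windows and is not shown here.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root):
    """Return {relative_path: (size, sha256_hex)} for every regular file under root."""
    state = {}
    root = Path(root)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            try:
                data = p.read_bytes()
            except OSError:
                # Locked or unreadable file: skip it rather than abort the sweep.
                continue
            rel = str(p.relative_to(root))
            state[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return state


def diff_snapshots(before, after):
    """Classify paths as added, removed, or modified between two snapshots."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario standing in for 'run the sample between snapshots'."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed baseline files.
        (root / "config.ini").write_text("[main]\nrun=1\n")
        (root / "notes.txt").write_text("hello\n")
        before = snapshot(root)

        # Constructed activity: one file edited, one deleted, one new file dropped.
        (root / "config.ini").write_text("[main]\nrun=1\nautostart=dropped.exe\n")
        (root / "notes.txt").unlink()
        (root / "dropped.exe").write_bytes(b"MZ\x90\x00")
        after = snapshot(root)

        return diff_snapshots(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Hashing rather than relying on timestamps matters here: a sample can reset a file's modification time, but it cannot make a changed file keep its old SHA-256, so the diff stays trustworthy even when the sample tries to cover its tracks.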