Security Forums
Strange File

Networking/Security Forums Index -> Viruses // Worms

itexltd (Just Arrived)

Joined: 13 Jan 2008
Posts: 0



Posted: Sun Jan 13, 2008 7:21 am    Post subject: Strange File

I would like to inspect a trojan. I found an unusual exe file on my home computer. However, I have formatted my home PC and reinstalled Windows. But I kept the .exe; I would like to test the exe in VMware to see what exactly it does. What would you recommend to sniff traffic and see what that is all about?

Thank You!
White Scorpion (Just Arrived)

Joined: 19 Sep 2003
Posts: 5
Location: The Netherlands


Posted: Thu Jan 17, 2008 8:33 am

Why don't you upload it to virusscan.jotti.org or www.virustotal.com?
It should be much faster than analyzing the file yourself (and less risky).
Once you know what it is, you might find some information on the net on how to remove it.
bj0rn (Just Arrived)

Joined: 21 Jan 2008
Posts: 0
Location: Chicago, IL


Posted: Mon Jan 21, 2008 10:07 pm

Do some heavy amounts of research before messing around with malware samples. I agree with lepricaun; I recommend uploading it to SunBelt Sandbox [ http://research.sunbelt-software.com/Submit.aspx ]. It gives you a detailed log of what the file tries to do, so you don't have to go through the trouble.

However, if you are interested in some more advanced malware analysis, here are a few links to some advanced tools that will be helpful:

F.I.R.E - http://fire.dmzs.com/?section=tools
http://vladimir44.googlepages.com/home [decompilers like IDA, network monitoring with tools like SNORT, tools from sysinternals, and other things that will be handy]
PhiBer (SF Mod)

Joined: 11 Mar 2003
Posts: 20
Location: Your MBR


Posted: Wed Jan 23, 2008 9:13 pm

You may also wish to take a look at a piece of software called InCtrl5. It basically allows you to specify an executable to launch and will track changes to the registry, system drives, ini files, and any text file changes.

Couple this with Wireshark, TCPView, and Process Monitor and you just may be able to better understand what the virus does.

Do note that oftentimes a trojan might not actually start trying to run commands from your PC but will wait for commands from a central location. As such, network activity might be lacking from the get-go.

I also advise you to run malware within a virtual environment to prevent any system damage. Unfortunately though, some malware detects when it is being run within a virtual machine and will not activate to prevent analysis.
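The snapshot-and-compare approach PhiBer describes for InCtrl5 (record the state of the disk before the sample runs, record it again afterwards, report the difference) is simple enough to script yourself. The script below is an added example and is not InCtrl5's code; it covers only the file-system half of that technique (no registry), hashes every file under a directory with SHA-256, and reports what was created, modified or deleted. The "sample run" in `demo()` is simulated with ordinary file writes in a temporary directory, so nothing here executes a real sample; in practice you would take `snapshot()` in the analysis VM, run the sample, take it again, and compare.

```python
"""Before/after file-system change tracking (added example, not InCtrl5's code).

Hash every file under a root directory, run the sample, hash again, and diff
the two snapshots.  The 'sample run' below is a constructed simulation.
"""

import hashlib
import os
import tempfile


def snapshot(root):
    """Map each file's path (relative to root, '/'-separated) to its SHA-256."""
    digests = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[rel] = h.hexdigest()
    return digests


def diff_snapshots(before, after):
    """Compare two snapshots; return sorted lists of added/removed/modified paths."""
    return {
        "added": sorted(p for p in after if p not in before),
        "removed": sorted(p for p in before if p not in after),
        "modified": sorted(
            p for p in after if p in before and before[p] != after[p]
        ),
    }


def demo():
    """Constructed scenario: baseline, then simulate the kind of changes a
    dropper leaves behind (a new file, an edited ini, a deleted file)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "windows"))
        with open(os.path.join(root, "windows", "win.ini"), "w") as fh:
            fh.write("[windows]\nrun=\n")
        with open(os.path.join(root, "readme.txt"), "w") as fh:
            fh.write("untouched\n")
        with open(os.path.join(root, "old.log"), "w") as fh:
            fh.write("to be deleted\n")

        before = snapshot(root)

        # Simulated effects of running the sample (constructed, not a real
        # sample): this is where you would launch the executable in the VM.
        with open(os.path.join(root, "windows", "win.ini"), "a") as fh:
            fh.write("run=C:\\dropped.exe\n")
        with open(os.path.join(root, "windows", "dropped.exe"), "wb") as fh:
            fh.write(b"MZ placeholder bytes")
        os.remove(os.path.join(root, "old.log"))

        after = snapshot(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

On a real system the baseline will always contain some noise (log files, temp directories, prefetch data) that changes on its own; take an idle before/after pair first to learn which paths to ignore, and pair the file-system diff with Process Monitor and Wireshark output from the same run, since, as noted above, a sample that only waits for instructions may change very little on disk and send nothing at first.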
All times are GMT + 2 Hours