query about what a .exe file can do if not run by user

Hi

If I had a .exe file which I suspected was malware , but I didn't run it , is there much the file can do ... by simply existing on my drive , as it were.

If I changed the file extension would that make it any more "inactive" ?

J

 

Re: query about what a .exe file can do it not run by user

It can't infect ya if you don't double click eet.

And that is why some security programs only detect the 'infection' and not the inactive file in their real-time

 

Re: query about what a .exe file can do it not run by user

http://www.sunbeltsecurity.com/Submit.aspx?type=cwsandbox&cs=A41CD150B37359889A553671CBFD2360

http://www.norman.com/microsites/nsic/Submit/en-us

http://anubis.iseclab.org/index.php

http://www.threatexpert.com/

 

Re: query about what a .exe file can do it not run by user

Interesting sites , thanks.

I was more wondering about the javascript / scripting side of things.
Could the file do anything in this regards after was downloaded ?
I know sometimes a website can have bad Javascript and that this could run if you just visit the site.
However I've checked my PC and i'm sure that nothing like that happened.

Can a downloaded and unexecuted file run javascript if I have no browser open ?

I'm pretty PC savvy , work as a SQL programmer , but don't know much about how java / java scripting and how that runs on a home PC.

 

Re: query about what a .exe file can do it not run by user

Oh yes, it can....

There are a myriad ways in which executables can be launched and dlls can be loaded into memory without actual human intervention.

Just look at the 'Autostarts' topic in my signature...

 

Re: query about what a .exe file can do it not run by user

Hi Tony

I had a look through that but couldn't find one.
Could you mention a specific example in the link ?

Most of the reports started with "when this process is executed" ,, and then what it did.

They all had to be run by a human in the first place ? :

 

Re: query about what a .exe file can do it not run by user

Most of then don't, which is why they're called "Autostart" locations. They refer to registry keys and values that cause a file to be executed automatically at boot, at logon and in various other ways, without the need to manually execute it.

... the best known example of course being the applications referenced in Msconfig > Startup that automatically load at startup without any user interaction.

 

But if you download a malicious file? Like just a normal download with cloaked malware. It cannot infect you if you don't double click it right?

 

Sorry , I'm probably not being very clear.

I understand that the auto-run reg locations, services , can all run executables and dll's without an user intervention.

But say I had a completely new PC , clean windows install , nothing on it at all.
I copy a malware *.exe file from say a an otherwise clean USB key , and I have the auto_run.inf file disabled.

Could that file do anything in that senario ?
Basically the only action that happened to it was the copy from my USB to my hard drive.

 

333halfevil gave the correct answer above.

Like all of the other *.exe files on a computer, nothing happens until a command of some type is applied to the file. Otherwise, it will just sit there and do nothing!

If you are implying that you might unknowingly copy a malware file from USB, then certainly this is not a pleasant scenario indeed.

This came up recently in a group discussion a while back, and we lamented the fact that no longer are any products being developed (that we know of) that will block copying of unauthorized executables:



----
rich

 

yeah i think i read that discussion.

cheers

J