Break down an application

I have an application which the author claims is not a trojan, but a false positive. According to VirusTotal 20 vendors detect this application as a worm/trojan.

How do I break down the application to find out exactly what it does?

 

If your having to ask that question I doubt you will able to gain and interpret anything from doing so

But, if your interested in learning, some key words for you : virtual machine, sandbox(offline/online) windbg, processexplorer, process monitor, tcpview and autoruns for a start.

Btw what the application?

 

Look at the source code. If it's binary only, decompile it and hope your skillz are good enough to pull it off.

 

Remember the legal implications of reverse engineering an application.

 

Why not upload it here......
http://www.threatexpert.com/filescan.aspx
Could possibly give you an answer.
(as long as it is 5mb or less)

 

It doesn't sound like gasp is that experienced, as he wouldn't be asking. Maybe start with a process explorer and autoruns see what's being opened, connections made, uploading to sandbox, naming the application here .

 

Maybe look at https://www.wilderssecurity.com/showthread.php?t=201634 and https://www.wilderssecurity.com/showthread.php?t=206143.