Break down an application

Discussion in 'other security issues & news' started by Gasp, Feb 2, 2010.

Thread Status:
Not open for further replies.
  1. Gasp

    Gasp Registered Member

    Joined:
    Jan 13, 2010
    Posts:
    82
    I have an application which the author claims is not a trojan, but a false positive. According to VirusTotal 20 vendors detect this application as a worm/trojan.

    How do I break down the application to find out exactly what it does?
     
  2. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    If you're having to ask that question I doubt you will be able to gain and interpret anything from doing so :)

    But, if you're interested in learning, some key words for you: virtual machine, sandbox (offline/online), windbg, Process Explorer, Process Monitor, tcpview and autoruns for a start.

    Btw, what's the application?
     
    Last edited: Feb 2, 2010
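An added example, not from any poster in this thread, of the static first pass a defender does before the sandbox and Process Explorer work listed above: hash the file for a VirusTotal lookup, read the PE headers, and flag high-entropy or writable-and-executable sections as packing hints. The sample PE it builds is constructed so the script runs offline, and the names `triage_pe` and `build_sample_pe` are assumptions of this example.

```python
import hashlib
import math
import struct

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 suggests packed or encrypted content."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in (data.count(b) for b in set(data)))

def triage_pe(blob: bytes) -> dict:
    """Static first pass over a PE image: hash, header facts, per-section entropy."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", blob, 0x3C)[0]          # e_lfanew
    if blob[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    machine, nsect, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", blob, coff)
    sect_off = coff + 20 + opt_size                            # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(nsect):
        hdr = sect_off + 40 * i
        name, _vsize, _vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", blob, hdr)
        flags = struct.unpack_from("<I", blob, hdr + 36)[0]  # Characteristics
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "entropy": round(shannon_entropy(blob[rawptr:rawptr + rawsize]), 2),
            # writable + executable section: common in self-unpacking stubs
            "write_exec": bool(flags & 0x80000000) and bool(flags & 0x20000000),
        })
    return {
        "sha256": hashlib.sha256(blob).hexdigest(),   # the value to look up on VirusTotal
        "machine": hex(machine),
        "is_dll": bool(chars & 0x2000),
        "sections": sections,
        "suspect_packed": any(s["entropy"] > 7.0 for s in sections),
    }

def build_sample_pe(section_data: bytes) -> bytes:
    """Constructed minimal PE (not a real program) so this runs offline."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)            # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)  # i386, 1 section, no optional hdr
    raw_ptr = 64 + 4 + 20 + 40                                   # data follows the section table
    sect = (struct.pack("<8sIIII", b".text", len(section_data), 0x1000, len(section_data), raw_ptr)
            + b"\0" * 12 + struct.pack("<I", 0x60000020))        # code | execute | read
    return dos + b"PE\0\0" + coff + sect + section_data
```

Run `triage_pe(open(path, "rb").read())` on the real file; `triage_pe(build_sample_pe(bytes(range(256)) * 4))` shows the packed-looking case, since that section scores entropy 8.0.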
  3. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Look at the source code. If it's binary only, decompile it and hope your skillz are good enough to pull it off.
     
  4. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  5. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,513
    Why not upload it here......
    http://www.threatexpert.com/filescan.aspx
    Could possibly give you an answer.
    (as long as it is 5mb or less)
     
  6. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    It doesn't sound like Gasp is that experienced, as he wouldn't be asking. Maybe start with Process Explorer and autoruns, see what's being opened, connections made, uploading to a sandbox, naming the application here :).
     
  7. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA