Break down an application

Discussion in 'other security issues & news' started by Gasp, Feb 2, 2010.

Thread Status:
Not open for further replies.
  1. Gasp

    Gasp Registered Member

    Joined:
    Jan 13, 2010
    Posts:
    82
    I have an application which the author claims is not a trojan, but a false positive. According to VirusTotal 20 vendors detect this application as a worm/trojan.

    How do I break down the application to find out exactly what it does?
     
  2. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    If you're having to ask that question I doubt you will be able to gain and interpret anything from doing so :)

    But, if you're interested in learning, some key words for you: virtual machine, sandbox (offline/online), windbg, process explorer, process monitor, tcpview and autoruns for a start.

    Btw, what's the application?
     
    Last edited: Feb 2, 2010
  3. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Look at the source code. If it's binary only, decompile it and hope your skillz are good enough to pull it off.
     
  4. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  5. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
    Why not upload it here......
    http://www.threatexpert.com/filescan.aspx
    Could possibly give you an answer.
    (as long as it is 5mb or less)
     
  6. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    It doesn't sound like Gasp is that experienced, as he wouldn't be asking. Maybe start with Process Explorer and Autoruns, see what's being opened, connections made, uploading to a sandbox, naming the application here :).
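A worked example of the first-pass static triage these two posts sketch (hash the file, look at the PE sections for signs of packing, pull printable strings and flag indicators worth a second look) before anything is run in a VM or uploaded to a sandbox. This is added here and is not code from the thread or from any of the tools named above. It runs on a constructed, minimal PE-shaped byte string built inside the script rather than a real sample; the indicator patterns and the 7.0 entropy threshold are assumptions chosen for illustration.

```python
"""Static triage of a suspicious Windows executable (added example).

Hashes the file (the SHA-256 is what you look up on VirusTotal instead of
uploading), walks the PE section table, scores each section's entropy
(close to 8.0 suggests packing or encryption), extracts printable strings
and flags indicators. Input is a constructed PE-shaped byte string, not a
real sample."""
import hashlib
import math
import random
import re
import struct
from collections import Counter

# Indicator patterns applied to extracted strings (assumed set for illustration).
# The API names are real Win32 exports commonly reviewed during triage.
INDICATOR_PATTERNS = {
    "url": re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE),
    "autorun_key": re.compile(r"CurrentVersion\\Run", re.IGNORECASE),
    "suspicious_api": re.compile(
        r"^(WriteProcessMemory|CreateRemoteThread|VirtualAllocEx|"
        r"URLDownloadToFile[AW]|SetWindowsHookEx[AW])$"),
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant block, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in Counter(data).values())


def parse_sections(data: bytes) -> list:
    """Walk the DOS/COFF headers and return one dict per section with its entropy."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)      # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    first = coff + 20 + opt_size                            # IMAGE_SECTION_HEADER[0]
    sections = []
    for i in range(num_sections):
        off = first + i * 40                                # each header is 40 bytes
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
        raw = data[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name, "offset": raw_ptr, "size": raw_size,
                         "entropy": round(shannon_entropy(raw), 2)})
    return sections


def extract_strings(data: bytes, min_len: int = 6) -> list:
    """Printable ASCII runs of at least min_len bytes, like the 'strings' tool."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def find_indicators(strings: list) -> dict:
    """Group strings by the indicator pattern they match; empty lists mean no hit."""
    hits = {name: [] for name in INDICATOR_PATTERNS}
    for s in strings:
        for name, pat in INDICATOR_PATTERNS.items():
            if pat.search(s):
                hits[name].append(s)
    return hits


def triage(data: bytes) -> dict:
    """Full first-pass report for one file image held in memory."""
    sections = parse_sections(data)
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "sections": sections,
        # Assumed heuristic: any near-random section, or a UPX-named one, means
        # strings will be sparse and dynamic analysis in a VM is the next step.
        "likely_packed": any(s["entropy"] > 7.0 or s["name"].upper().startswith("UPX")
                             for s in sections),
        "indicators": find_indicators(extract_strings(data)),
    }


def build_sample() -> bytes:
    """Constructed minimal PE-shaped file: a low-entropy .text section holding a
    few telling strings, and a high-entropy UPX1 section mimicking packed code."""
    rng = random.Random(1)                                  # fixed seed: reproducible
    text = (b"\x90" * 512 + b"kernel32.dll\0WriteProcessMemory\0CreateRemoteThread\0"
            b"http://example.invalid/update\0"
            b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\0" + b"\x90" * 512)
    packed = bytes(rng.getrandbits(8) for _ in range(4096))
    headers_len = 0x40 + 4 + 20 + 2 * 40
    text_off, packed_off = headers_len, headers_len + len(text)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x0102)  # i386, 2 sections

    def sect(name, size, ptr):
        return struct.pack("<8sIIIIIIHHI", name, size, 0x1000, size, ptr, 0, 0, 0, 0, 0x60000020)

    hdr = dos + b"PE\0\0" + coff + sect(b".text", len(text), text_off) + sect(b"UPX1", len(packed), packed_off)
    assert len(hdr) == headers_len
    return hdr + text + packed


if __name__ == "__main__":
    import json
    print(json.dumps(triage(build_sample()), indent=2))
```

Read the report the way Meriadoc suggests: the hash goes to VirusTotal, a high-entropy section tells you the strings output is not to be trusted and the file needs to be watched live (Process Monitor, TCPView, Autoruns) inside a throwaway VM, and the indicator hits are a list of things to confirm there, not a verdict.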
     
  7. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA