Can someone test this "malware"? Would Sandboxie be bypassed? Should I Reinstall Win8

Discussion in 'sandboxing & virtualization' started by an2tex, Dec 7, 2013.

Thread Status:
Not open for further replies.
  1. an2tex

    an2tex Registered Member

    Joined:
    Apr 12, 2013
    Posts:
    29
    Yes - I was a bit interested in security issues some time ago, and although I still look here and there from time to time, my interests have gradually shifted to other issues. I made a setup that also has some user (my) involvement, including Sandboxie, Malwarebytes Pro, EMET, UAC and many things running concurrently.

    Everything seems fine, except for the (user) - that's me, who has no security patches. LOL.

    And, yeah, the problem with me is that I ignored this whole setup running all together (I just started to neglect security a bit - after a concentrated research I thought everything was fine, and left it as is because everything was almost automatic, and I was very careful about what I was doing). For most of you, this is a hobby, but I am not a technical guy. I only learnt what I needed as security for daily tasks to prevent some losses. Not a permanent interest. Only for the necessity.

    I just set up the whole thing, and especially relied on Sandboxie (I made everything restricted except for browsers in Sandboxie, and downloaded nothing other than known software with signatures, like security products).

    What I neglected today is this: I downloaded something from a forum PM (yes - that's the point, my mistake). I created a new container for this, and just did not restrict anything (although I restrict every container, like the browsers container) - but not this one. Even my browser Sandboxie settings were better.

    Checked on VirusTotal - it is a virus for all the AVs there. My computer's own AV, Avast, told me it is a virus. I just trusted Sandboxie and told Avast to allow it. I just thought it would not be bypassed in one single instance of negligence (as it seems a very low percentage of files can bypass Sandboxie). -- Well, this should not be considered as negligence, I know; I did everything needed to get infected.

    And after the install - I saw that there were lots of fake programs created in the container. It seems to be a malware/hacker product.

    I immediately terminated everything, deleted the contents and the container.

    But I heard some hard disk sound from my laptop for some time after I cleaned and deleted the container, as if some malware was running in the background doing something - maybe a placebo. Maybe it was the usual sound of the laptop. I am not sure.

    But I am a bit worried - would Sandboxie have been bypassed? Should I reinstall Windows 8?

    I trusted mainly Sandboxie as one of the strongest rings in the chain; however, there is a low chance that it can be beaten, this is well known. After all, Tzuk, the author, put in all the security settings to prevent this to some extent (which is nice, as he always updates it and puts in settings for almost anything).

    I know there are people who play with virtual machines for testing malware as a hobby; can someone here, if possible, test whether this file can bypass Sandboxie? If so - I will reinstall Windows 8.

    Here is the file:

    ~Link removed~

    If you or someone you know tests this - please give it all administrative privileges to be prepared for the worst scenario. Please run all the files, including the downloader and subsequent files etc. Then see if it can pass the security of Sandboxie.

    Well - yes, calling myself an idiot is a bit harsh in the general sense; most people do not even do what these are, but the overall security intelligence quota here is higher than the general public - so I can call myself an idiot for that kind of negligence while most of the things were set up and fine, and even most of the components warned me. I just trusted Sandboxie a lot (which I still do) but - I will need to know if I will reinstall Windows 8 or not.

    Can someone get this "malware" tested for me? I do not think this is an outrageous demand; some people around here see this as a hobby, and it would not hurt to test one more malware (more than a malware - this is a pack of viruses) - this would help me a lot!...
     
    Last edited by a moderator: Dec 7, 2013
  2. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    First of all... you're not supposed to post live malware links. I ran a few tests and found that it's a bitcoin.miner trojan. It basically turns your computer into a zombie looking for bitcoins for someone else. This link explains how it works: http://www.wired.co.uk/news/archive/2013-04/8/bitcoin-trojan.
    Just to be on the safe side I would run a few malware scans with HMP, malwarebytes free and Emsisoft emergency kit.
    Chances are if you had the malware running in sandboxie and then terminated and deleted everything it's gone.
     
  3. bo elam

    bo elam Registered Member

    Joined:
    Jun 15, 2010
    Posts:
    3,768
    Location:
    Nicaragua
    an2tex, you are not an idiot; you ran the sample in a sandbox (that's smart, IMO). I agree with kjdemuth: since you ran it sandboxed, after deleting the sandbox, all is gone. I bet you are not seeing anything out of the ordinary "after" you rebooted the computer. Don't worry and don't reinstall Windows.

    Bo
     
  4. an2tex

    an2tex Registered Member

    Joined:
    Apr 12, 2013
    Posts:
    29
    Thanks to both of you. Now - I feel more comfortable.
     
  5. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Don't execute malware on your main machine, especially if you're looking for bypasses. Have something like DBAN ready just in case.
     