Help with a "non-virus?"

Discussion in 'malware problems & news' started by TechMuncher, Jul 9, 2011.

Thread Status:
Not open for further replies.
  1. TechMuncher

    TechMuncher Registered Member

    Joined:
    Jul 9, 2011
    Posts:
    3
    I posted this a second ago, but it got banned?

    Anyways, I cannot seem to figure out what a certain malicious .exe file is trying to do.

    I'd post the link, but I think that is what got me banned.

    I tried to sandbox it, but it didn't seem to do anything. So I took the "brave" route and I ran it in normal user mode.. and it popped up a CMD window and dropped out.

    Any suggestions how I can figure out what that malicious exe is trying to do?

    Thanks!
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,878
    Location:
    New England
    The link in your first thread was a direct download to an EXE file that you even thought was malware. We don't allow malware links here. So, we removed the first thread while we looked into it. Further research on similar EXE files hosted by the same website showed likely malware, or at least extremely suspicious files, named like "TeenPorn.exe" and "TeenWebcam.exe" - all of which are not things to direct link from here.

    However, your question about how to check file(s) and test them to see what they actually do, is a valid topic for discussion. I suspect people will recommend virtualization or similar approaches.
     
  3. Malcontent

    Malcontent Registered Member

    Joined:
    Dec 30, 2005
    Posts:
    451
    Location:
    Cleveland, Ohio USA
    http://www.sunbeltsecurity.com/sandbox/

    Submit it to the Sunbelt sandbox and they will email you a report about what it does.
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Brave and dumb indeed (on a main machine). Did you at least have a disk image?
    I would've used a system virtualizer (like Returnil); if that fails, a virtual machine (like VMware).
     
  5. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    Use Buster Sandbox Analyzer with Sandboxie. It's a great free analyzer.
     
  6. TechMuncher

    TechMuncher Registered Member

    Joined:
    Jul 9, 2011
    Posts:
    3
    The online analyzer is a great tool! Thanks!

    I was using Sandboxie, but didn't think to try that add-on. That is a fantastic suggestion.

    It is most certainly dumb to just run on the main machine, but there is a certain thrill to it.. lol ;-)

    I will let you know what the analyzer report comes up with as soon as I get a response!
     