Run Email-Worm.Win32.NetSky.p in sandboxie

can anyone tell me how to run Email-Worm.Win32.NetSky.p in sandboxie.......

 

do you have other security in place and what?

 

Pete, I sort of disagree with you here.

I've run Malware samples [from TDSS to Security Tool, and from Zeus Trojan to other fake AV's ] inside Sandboxie [taking precautions, of course] without getting my PC infected by them. But, well that's just me.



Carlos

 

If you don,t know how to run them inside SBIE, you must not run them for sure. You will most probably end up with an infected PC.

If you really want to mess with this, I suggest you to read a lot here and use VMware, VirtualBox or VirtualPC.

 

Yes, i have other security in place

 

Aigle, ya u r right that VMware, VirtualBox or VirtualPC provide a greater foolproof mechanisms than the sandboxie but i am currently involved in designing a malware detection in real time which is automatic and consumes less resources in the sys .......

If u knw how to run tat worm in sandboxie pls help me out

 

Thanks for ur valuable advise Peter. But will u agree with me that without experimenting with things , u cant learn anything even if that cause u grt damage. Anyway , while running it i will take the precautions also.

If u knw how to run that worm in sandboxie , pls help me out.......

 

Karthy,
You can run it in sandboxie. I would add another VM or virtualization. Having a backup image can't hurt either. I usually run malware in sandboxie w/ buster sandbox analyzer and Wondershare time freeze. Its cheap and easy to use.

 

@ karthy1988

Any reason why you couldn't use a VM or Returnil etc ? Or are you trying to see if you bypass sandboxie ?

 

kjdemuth,

If u can see the pdf which comes with Buster sandbox analyzer , there in chapter 7 he has given two examples of worm taken from VX heaven and its analysis report. But since that worm had no proper format (as u can see in the name of the worm itself it is a .p file, unknown format), wen i tried running it in sandboxie it asks me to choose the application which will run that worm......

any suggestions ??

 

Try changing Win32.NetSky.p to Win32.NetSky.pdf

 

I am currently testing DefenseWall Personal Firewall (3.07) against numerous types of threats including stuxnet, TDSS, Drooptroop, Safesys, and many others. So far DefenseWall rocks. I even install SRWare Iron (6.0.475.1) as untrusted (from USB) and was able to rollback successfully without any trace of anything I think you can also try running malware via DefenseWall and check its events log to have an idea of destruction by malware sample.

 

Just add .exe and see how it goes?

Win32.NetSky.p.exe