Run Email-Worm.Win32.NetSky.p in sandboxie

Discussion in 'sandboxing & virtualization' started by karthy1988, Oct 2, 2010.

Thread Status:
Not open for further replies.
  1. karthy1988

    karthy1988 Registered Member

    Joined:
    Oct 2, 2010
    Posts:
    11
    Can anyone tell me how to run Email-Worm.Win32.NetSky.p in Sandboxie? o_O
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    Do you have other security in place, and what?
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,040
    Hi Karthy

    My advice to you in the strongest way is if you have to ask what you did, don't do it.

    You have to know what you are doing, and how to protect yourself, in case.

    Pete
     
  4. Zyrtec

    Zyrtec Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    534
    Location:
    USA
    Pete, I sort of disagree with you here.

    I've run malware samples [from TDSS to Security Tool, and from Zeus Trojan to other fake AVs] inside Sandboxie [taking precautions, of course] without getting my PC infected by them. But, well, that's just me.



    Carlos
     
  5. aigle

    aigle Registered Member

    Joined:
    Dec 14, 2005
    Posts:
    11,047
    Location:
    Saudi Arabia/ Pakistan
    If you don't know how to run them inside SBIE, you must not run them for sure. You will most probably end up with an infected PC.

    If you really want to mess with this, I suggest you read a lot here and use VMware, VirtualBox or VirtualPC.
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,040
    Hi Carlos

    You didn't read what I wrote. I didn't say you couldn't safely do it, but if one doesn't know enough to have to ask about it, they may well get themselves into trouble.

    You know what you are doing, and that is a different matter.

    Pete
     
  7. karthy1988

    karthy1988 Registered Member

    Joined:
    Oct 2, 2010
    Posts:
    11
    Yes, I have other security in place.
     
  8. karthy1988

    karthy1988 Registered Member

    Joined:
    Oct 2, 2010
    Posts:
    11
    Aigle, yes, you are right that VMware, VirtualBox or VirtualPC provide more foolproof mechanisms than Sandboxie, but I am currently involved in designing a malware detection in real time which is automatic and consumes fewer resources in the system...

    If you know how to run that worm in Sandboxie, please help me out.
     
  9. karthy1988

    karthy1988 Registered Member

    Joined:
    Oct 2, 2010
    Posts:
    11
    Thanks for your valuable advice, Peter. But will you agree with me that without experimenting with things, you can't learn anything, even if that causes you great damage? Anyway, while running it I will take the precautions also.

    If you know how to run that worm in Sandboxie, please help me out...
     
  10. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Karthy,
    You can run it in Sandboxie. I would add another VM or virtualization. Having a backup image can't hurt either. I usually run malware in Sandboxie with Buster Sandbox Analyzer and Wondershare Time Freeze. It's cheap and easy to use.
     
  11. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ karthy1988

    Any reason why you couldn't use a VM or Returnil etc.? Or are you trying to see if you bypass Sandboxie?
     
  12. karthy1988

    karthy1988 Registered Member

    Joined:
    Oct 2, 2010
    Posts:
    11
    kjdemuth,

    If you look at the PDF which comes with Buster Sandbox Analyzer, there in chapter 7 he has given two examples of worms taken from VX Heaven and their analysis report. But since that worm had no proper format (as you can see in the name of the worm itself, it is a .p file, unknown format), when I tried running it in Sandboxie it asked me to choose the application which will run that worm...

    Any suggestions?
     
  13. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Try changing Win32.NetSky.p to Win32.NetSky.pdf
     
  14. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    I am currently testing DefenseWall Personal Firewall (3.07) against numerous types of threats including Stuxnet, TDSS, Drooptroop, Safesys, and many others. So far DefenseWall rocks. I even installed SRWare Iron (6.0.475.1) as untrusted (from USB) and was able to roll back successfully without any trace of anything. I think you can also try running malware via DefenseWall and check its events log to have an idea of the destruction by the malware sample.
     
  15. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Just add .exe and see how it goes?

    Win32.NetSky.p.exe
     