Network Security: Detailed info on RE: Exploit package analysis

Subject:	RE: Exploit package analysis
Date:	Fri, 29 Jul 2005 19:57:04 +0200


Anyhow, the site at http://virusscan.jotti.org/ will probably 
be of use.
In the event that the previous site was not able to classify 
the suspected malware, I recommended running it on a separate 
box (or VM) and following it's execution with softice, strace


Another free service that can be used is Norman sandbox
(http://sandbox.norman.com/). It's running the provided application
inside a windows VM and reporting it's actions regarding registry, file
system, network and it's actions against many common applications. I've
used it many times where I'm in posession of a suspicios file and most
of the time it can tell me what it does. It will also report if this is
a known virus. But don't trust it blindly. I had an .exe file that I
found to contact a russian irc server, registering itself in windows
startup etc, but Norman didn't find anything so it might be possible to
fool Norman sandbox too. But this service is still very useful to
finding out what an application does.

Lars

<Prev in Thread]	Current Thread	[Next in Thread>
Exploit package analysis, Erin Carroll RE: Exploit package analysis, Eyal Udassin Re: Exploit package analysis, Mattias Ahnberg RE: Exploit package analysis, Matt RE: Exploit package analysis, Todd Towles Re: Exploit package analysis, Justin Ferguson Re: RE: Exploit package analysis, mark . handy RE: Exploit package analysis, Todd Towles RE: Exploit package analysis, Lars Troen <=

Previous by Date:	RE: Exploit package analysis, Todd Towles
Next by Date:	Re: Exploit package analysis, Mattias Ahnberg
Previous by Thread:	RE: Exploit package analysis, Todd Towles
Next by Thread:	Open Source Footprinting Tool - SpiderFoot, Steve Micallef
Indexes:	[Date] [Thread] [Top] [All Lists]