bert
[Entry]
"It's not easy to deal with suspicious files; the first thing to advise is to rather use an alternative secure source.
However, if you want to test the file in a VM, here are some good tools:
All-In-One System Explorer:
Inspect system: processes, startup, services, ...
or Sysinternals Autoruns, Process Explorer, Process Monitor
Check files with VirusTotal, Jotti and its own database
or VirusTotal Uploader
Create snapshots to compare before/after disk and registry changes
or SpyMe Tools, WhatChanged
Other useful tools:
Antivirus: according to the latest av-comparatives pro-active (heuristic) tests, Microsoft Security Essentials (freeware) and Kaspersky (payware) are the best picks (Avira has a high detection rate too but also has a high false-alarm rate)
HIPS (Host-based Intrusion Prevention System): ThreatFire (or WinPatrol, MJ Registry Watcher)
Firewall: Comodo (or Online Armor)
Network connection inspectors: CurrPorts (or TCPView)
Rootkit scanner: Gmer (or RootkitRevealer, less powerful but easier to use)
Online behaviour analysis: Anubis (or CWSandbox, ThreatExpert, Norman Sandbox)
File checksums (google the most common: MD5, SHA-1): HashCalc
Svchost analyzer
But finally, the only way to be sure is to disassemble the software and understand the asm code, a very fastidious task. So return to the first advice..."
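Two of the steps above, taking a before/after snapshot of the disk and checking a file's checksum against a published value, are easy to reproduce without any of the named tools. The script below is an added example and is not part of the original post or any of the listed products; it works on a scratch directory it creates itself, the file names in the demo are constructed, and "known-good checksum" is whatever the reader has obtained out-of-band from the software's publisher. It hashes every regular file under a directory, diffs two such snapshots into added/removed/modified sets, and compares a file's digest against an expected value with a constant-time comparison.

```python
import hashlib
import hmac
import os
import tempfile
from pathlib import Path


def file_digests(path, algorithms=("md5", "sha1", "sha256")):
    """Return {algorithm: hexdigest} for one file, read in 64 KiB chunks."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_published_checksum(path, expected_hex, algorithm="sha256"):
    """True if the file's digest equals the publisher's value (constant-time compare)."""
    actual = file_digests(path, (algorithm,))[algorithm]
    return hmac.compare_digest(actual.lower(), expected_hex.strip().lower())


def snapshot(root):
    """Map every regular file under root (path relative to root) to its SHA-256."""
    root = Path(root)
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            if full.is_symlink() or not full.is_file():
                continue  # skip links and special files; hash only real content
            rel = str(full.relative_to(root)).replace(os.sep, "/")
            snap[rel] = file_digests(full, ("sha256",))["sha256"]
    return snap


def diff_snapshots(before, after):
    """Classify what changed between two snapshots: added, removed, modified."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: a temp directory stands in for the VM's disk."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "config.ini").write_text("debug=0\n")
        (root / "readme.txt").write_text("hello\n")
        (root / "bin").mkdir()
        (root / "bin" / "old.dll").write_bytes(b"\x00" * 16)
        before = snapshot(root)

        # Simulated installer run: one file edited, one dropped, one deleted.
        (root / "config.ini").write_text("debug=1\n")
        (root / "bin" / "helper.exe").write_bytes(b"MZ" + b"\x90" * 30)
        (root / "bin" / "old.dll").unlink()
        after = snapshot(root)

        # Checksum check against a value we "published" ourselves for the demo.
        expected = hashlib.sha256(b"hello\n").hexdigest()
        ok = matches_published_checksum(root / "readme.txt", expected)
        return diff_snapshots(before, after), ok


if __name__ == "__main__":
    changes, checksum_ok = demo()
    for kind, paths in changes.items():
        print(f"{kind}: {paths}")
    print("readme.txt checksum matches:", checksum_ok)
```

For a real test run, call `snapshot()` on the VM's system and program directories before executing the file, again afterwards, and review the `added` and `modified` lists; registry changes are not covered here, which is where the WhatChanged-style tools from the post still earn their place.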