How to check for a malicious file?
Good day!
I have a malicious file (VirusTotal, at least, rates it almost 10/10). I would also like to trace everything it does in the system after it is launched. I would like to know what is needed for this, and how to do it.
For example, I have figured it out and installed a virtual machine, launched the "virus", and then what? How do I see which areas it affects, whether it can send packets or passwords / other data? Of such software I have only used Fiddler; maybe there are more specialized utilities?
In general, tell me which direction to move in. Thanks in advance!
IDA to understand what it wants and how
Wireshark to analyze network activity
Filemon to analyze disk activity
utilities that take hashes of files, in order to understand where and what has changed
There are antivirus sandboxes that intercept absolutely every action of the program and show them.
As an example: [link]. As far as I remember, a graph of the virus's activity is available to authorized users on VT.
But there is no 100% guarantee; the virus can detect a sandbox, even a very advanced one.
The downside is that such sandboxes (the free ones) may not display all the information, and the paid ones are very expensive.
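The "take hashes of files to see what changed" step from the first answer, as an added example (not code from the thread): snapshot the SHA-256 of every regular file under a directory before running the sample, snapshot again afterwards, and diff the two maps. The `demo()` function builds a throwaway directory and simulates a sample that modifies, deletes and drops files; the file names and contents in it are constructed for illustration.

```python
"""Before/after file-hash snapshot of a directory tree (added example)."""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def hash_file(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large binaries don't load into RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map POSIX-style relative path -> sha256 for every regular file under root.

    Symlinks and non-regular files are skipped: following links planted by the
    sample could pull the walk outside the tree, and devices/pipes would block.
    """
    root = Path(root)
    result = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_symlink() or not p.is_file():
                continue
            try:
                result[p.relative_to(root).as_posix()] = hash_file(p)
            except OSError:
                # locked or unreadable file; note it in a real run rather than crash
                continue
    return result


def diff_snapshots(before, after):
    """Return paths that were added, removed, or whose content hash changed."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed demo: simulate a sample that edits, deletes and drops files."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "config.ini").write_text("debug=0\n")
        (root / "readme.txt").write_text("hello\n")
        (root / "bin").mkdir()
        (root / "bin" / "tool.exe").write_bytes(b"MZ\x90\x00")
        before = snapshot(root)

        # Simulated "malware" activity (constructed for the example):
        (root / "config.ini").write_text("debug=1\nautorun=1\n")   # tampered
        (root / "readme.txt").unlink()                              # deleted
        (root / "bin" / "update.dll").write_bytes(b"MZ\x00\x00")    # dropped
        after = snapshot(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In a real run you would call `snapshot()` inside the VM on the drive or directories you care about (the sample's working directory, user profile, and the usual persistence locations), save the result to a file, run the sample, snapshot again and diff; exclude volatile paths such as logs and temp directories first, or the report fills with noise that has nothing to do with the sample. Hash-diffing only shows the end state, so pair it with a live monitor such as Filemon for files the sample creates and deletes again before the second snapshot.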