
Thread: Malware samples: broken vs tool detection

  1. #1 Theory5 (Guest)

    Malware samples: broken vs tool detection

    How do you figure out the difference between a broken sample or a sample that is advanced enough to detect VMware or malware analysis tools?

    I have this 16-bit sample (at least I think it's 16-bit, but the PE still says "this program cannot be run in DOS mode". I took it off of a system infected with the FBI MoneyPak malware; it was the only malicious program I could find.) and since I am new to debugging I haven't exactly cultivated a working knowledge of assembly. But it doesn't run. I've tried to run it in both a VirtualBox guest OS and on a native OS (both Win7), but it never appeared to do anything that I could find with Sysinternals.

    So how do I determine what this is and if it is an actual working sample or if it is broken? MSE detected it and I "allowed" it then simply copied the file from the path provided (the drive was wiped afterwards). I assumed it might be obfuscated but PEiD didn't seem to detect any of the common packing algorithms.

    Any help would be great! Also, the sample is available upon request, I just didn't want to toss it up on the thread without someone looking for it.
    I promise that I have read the FAQ and tried to use the Search to answer my question.
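The "this program cannot be run in DOS mode" string is the MZ stub that every PE file carries, so seeing it does not mean the file is 16-bit; what decides that is whether a "PE\0\0" signature follows at the offset stored in e_lfanew. A first triage step, before any debugger, is therefore to read the headers yourself: machine type (32- vs 64-bit), subsystem, where the entry point lands, and the per-section entropy as a packing heuristic that does not depend on PEiD's signature database. The following script is an added example, not code from the thread; the two sample files it builds are constructed in-script and are not real malware.

```python
import math
import struct

# Machine values from the PE specification (IMAGE_FILE_MACHINE_*)
MACHINE_NAMES = {0x014C: "x86 (32-bit)", 0x8664: "x64", 0x01C0: "ARM", 0xAA64: "ARM64"}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; ~8.0 suggests packed or encrypted content."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_pe(data: bytes) -> dict:
    """Classify a file as not-MZ, 16-bit DOS (MZ without PE header), or PE32/PE32+."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return {"kind": "not-mz"}
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        # An MZ header with no PE signature behind it is a real 16-bit DOS executable
        return {"kind": "dos-mz-16bit"}
    machine, nsect, _ts, _symtab, _nsyms, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                      # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    bits = {0x10B: 32, 0x20B: 64}.get(magic)
    entry = struct.unpack_from("<I", data, opt + 16)[0]       # AddressOfEntryPoint (RVA)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]   # same offset in PE32 and PE32+
    sections = []
    sec_off = opt + opt_size
    for i in range(nsect):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, sec_off + 40 * i)
        raw = data[rawptr:rawptr + rawsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "entropy": round(shannon_entropy(raw), 2),
            # entry point outside every section, or inside a high-entropy one, is a packing hint
            "contains_entry": va <= entry < va + max(vsize, rawsize),
        })
    return {"kind": "pe", "machine": MACHINE_NAMES.get(machine, hex(machine)), "bits": bits,
            "subsystem": subsystem, "entry_point": entry, "sections": sections}


def likely_packed(info: dict, threshold: float = 7.0) -> bool:
    """Heuristic: entry point sits in a section whose entropy is near the 8-bit maximum."""
    return any(s["contains_entry"] and s["entropy"] > threshold for s in info.get("sections", []))


def build_sample(packed: bool) -> bytes:
    """Constructed minimal PE32 with one .text section (demo input, not a runnable program)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 224                                           # standard PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                  # entry point RVA
    struct.pack_into("<H", opt, 68, 2)                       # IMAGE_SUBSYSTEM_WINDOWS_GUI
    raw_ptr = 512
    sect = struct.pack("<8sIIIIIIHHI", b".text", 1024, 0x1000, 1024, raw_ptr, 0, 0, 0, 0, 0x60000020)
    # High-entropy body (every byte value equally often) vs. a plain repetitive body
    body = bytes(range(256)) * 4 if packed else b"\x90" * 512 + b"\xC3" * 512
    header = dos + b"PE\0\0" + coff + bytes(opt) + sect
    return header + b"\0" * (raw_ptr - len(header)) + body


if __name__ == "__main__":
    for label, blob in [("plain", build_sample(False)), ("packed", build_sample(True)),
                        ("dos", b"MZ" + b"\0" * 70)]:
        info = parse_pe(blob)
        print(label, info["kind"], info.get("machine"), info.get("sections"), likely_packed(info))
```

To use it on the real sample, read the file with `open(path, "rb").read()` and pass it to `parse_pe`; a "dos-mz-16bit" result means there is no Win32 code for a Win7 host to run, a "pe" result with a high-entropy entry section points at a packer PEiD simply lacks a signature for, and a "pe" result with low entropy and a sane entry point shifts suspicion toward environment checks rather than a broken file.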

  2. #2 Kayaker (Teach, Not Flame)
    Join Date: Oct 2000 | Posts: 4,048 | Blog Entries: 5

    Hi, welcome to the board. You're welcome to attach the file if you wish and I'm sure someone will take a look at it. Just zip and password protect the attachment (i.e. password "malware" or something).
