
Thread: Malware samples: broken vs tool detection

  1. #1

    Malware samples: broken vs tool detection

    How do you figure out the difference between a broken sample or a sample that is advanced enough to detect VMware or malware analysis tools?

    I have this 16-bit sample (at least I think it's 16-bit, but PE still says "this program cannot be run in DOS mode". I took it off of a system infected with the FBI MoneyPak malware; it was the only malicious program I could find.) and since I am new to debugging I haven't exactly cultivated a working knowledge of assembly. But it doesn't run. I've tried to run it in both a VirtualBox guest OS and on a native OS (both Win7), but it never appeared to do anything that I could find with Sysinternals.

    So how do I determine what this is, and whether it is an actual working sample or a broken one? MSE detected it and I "allowed" it, then simply copied the file from the path provided (the drive was wiped afterwards). I assumed it might be obfuscated, but PEiD didn't seem to detect any of the common packing algorithms.

    Any help would be great! Also, the sample is available upon request, I just didn't want to toss it up on the thread without someone looking for it.
    I promise that I have read the FAQ and tried to use the Search to answer my question.
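
    An added static triage pass, written for this thread and not part of the original posts: before debugging a sample that "does nothing", it helps to check whether the file is even intact and what kind of executable it is. The script below parses the MZ/PE headers by hand (no third-party library), reports the machine type and PE32/PE32+ format, flags damage (sections whose raw data runs past end of file, an entry point outside every section), computes per-section entropy so a custom packer shows up even when PEiD has no signature for it, and scans for strings commonly tied to debugger/VM/sandbox checks. The sample images are constructed in the code and are not real malware; the marker list is a hand-picked assumption, not an authoritative signature set. One point it makes concrete: a file whose DOS stub prints "This program cannot be run in DOS mode" has a PE header after the stub and is a 32- or 64-bit Windows image, while a real 16-bit DOS program has only the MZ header.

```python
"""Static first-pass triage of a suspicious PE: is the file damaged, or intact and possibly
checking for a VM/debugger? Added example; sample bytes are constructed, not real malware."""
import math, random, re, struct

MACHINE_NAMES = {0x014C: "x86 (32-bit)", 0x8664: "x64", 0x01C0: "ARM", 0xAA64: "ARM64"}
# Strings often seen in samples that probe for debuggers, VMs or sandboxes (assumed list).
# A hit only suggests where to break in a debugger; no hit proves nothing.
ANTI_ANALYSIS_MARKERS = [b"IsDebuggerPresent", b"CheckRemoteDebuggerPresent", b"NtQueryInformationProcess",
                         b"VMware", b"VBOX", b"VirtualBox", b"QEMU", b"SbieDll.dll", b"vmtoolsd.exe",
                         b"VBoxService.exe", b"wireshark.exe", b"procmon.exe", b"ollydbg.exe"]


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; close to 8.0 means compressed/encrypted data, i.e. a packed section."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    return -sum(c / len(buf) * math.log2(c / len(buf)) for c in counts if c)


def triage_pe(data: bytes) -> dict:
    r = {"format": None, "machine": None, "subsystem": None, "sections": [],
         "packed_sections": [], "broken": [], "anti_analysis": []}
    if len(data) < 0x40 or data[:2] != b"MZ":
        r["format"], r["broken"] = "not an MZ executable", ["missing MZ signature"]
        return r
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        # MZ header but no PE header: a real 16-bit DOS program, or a damaged file.
        r["format"] = "MZ without PE header (16-bit DOS executable or damaged)"
        return r
    machine, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    r["machine"] = MACHINE_NAMES.get(machine, f"unknown (0x{machine:04x})")
    opt_off = e_lfanew + 24
    if opt_off + 70 > len(data):
        r["format"], r["broken"] = "PE", ["optional header truncated"]
        return r
    magic = struct.unpack_from("<H", data, opt_off)[0]
    r["format"] = {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, f"PE, bad magic 0x{magic:04x}")
    if magic not in (0x10B, 0x20B):
        r["broken"].append("unknown optional header magic")
        return r
    # AddressOfEntryPoint (+16) and Subsystem (+68) sit at the same offsets in PE32 and PE32+.
    entry_rva = struct.unpack_from("<I", data, opt_off + 16)[0]
    r["subsystem"] = struct.unpack_from("<H", data, opt_off + 68)[0]   # 2 = GUI, 3 = console
    entry_hit = False
    for i in range(nsect):
        off = opt_off + opt_size + i * 40
        if off + 40 > len(data):
            r["broken"].append("section table runs past end of file")
            break
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        name = name.rstrip(b"\0").decode("latin-1")
        truncated = rawsize > 0 and rawptr + rawsize > len(data)
        if truncated:
            r["broken"].append(f"{name}: raw data ends past EOF")
        ent = round(shannon_entropy(data[rawptr:rawptr + rawsize]), 2)
        r["sections"].append({"name": name, "rva": va, "entropy": ent, "truncated": truncated})
        if ent > 7.0:
            r["packed_sections"].append(name)   # packed even when PEiD has no signature for it
        entry_hit = entry_hit or va <= entry_rva < va + max(vsize, rawsize)
    if not entry_hit:
        r["broken"].append(f"entry point RVA 0x{entry_rva:x} lies outside every section")
    # Scan the whole file, including any overlay appended after the last section.
    r["anti_analysis"] = sorted(m.decode() for m in ANTI_ANALYSIS_MARKERS
                                if re.search(re.escape(m), data, re.IGNORECASE))
    return r


def build_sample_pe(text: bytes, rdata: bytes, truncate_at=None) -> bytes:
    """Constructed minimal PE32: two 0x400-byte sections, entry point at the start of .text."""
    raw, dos = 0x400, bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)                        # e_lfanew -> PE signature
    stub = b"This program cannot be run in DOS mode.\r\n$"
    dos[0x40:0x40 + len(stub)] = stub
    coff = struct.pack("<HHIIIHH", 0x014C, 2, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                          # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                        # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, 0x200)     # ImageBase, alignments
    struct.pack_into("<H", opt, 68, 2)                             # Subsystem: Windows GUI
    def sect(name, va, ptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, raw, va, raw, ptr, 0, 0, 0, 0, flags)
    hdr = bytes(dos) + b"PE\0\0" + coff + bytes(opt)
    hdr += sect(b".text", 0x1000, 0x400, 0x60000020) + sect(b".rdata", 0x2000, 0x800, 0x40000040)
    image = hdr.ljust(0x400, b"\0") + text[:raw].ljust(raw, b"\0") + rdata[:raw].ljust(raw, b"\0")
    return image[:truncate_at] if truncate_at else image


# Constructed inputs: a few bytes of x86 code, and a seeded pseudo-random blob standing in for
# a packed or encrypted .text section. None of this is taken from a real sample.
TINY_CODE = bytes.fromhex("558bec33c05dc3")          # push ebp; mov ebp,esp; xor eax,eax; pop ebp; ret
_rng = random.Random(1)
PACKED_CODE = bytes(_rng.getrandbits(8) for _ in range(0x400))
INTACT_CLEAN = build_sample_pe(TINY_CODE, b"kernel32.dll\0ExitProcess\0")
INTACT_EVASIVE = build_sample_pe(PACKED_CODE, b"kernel32.dll\0IsDebuggerPresent\0VMwareVMware\0")
TRUNCATED = build_sample_pe(TINY_CODE, b"kernel32.dll\0ExitProcess\0", truncate_at=0x900)
```

    On a real file, run `triage_pe(open("sample.bin", "rb").read())` from an isolated analysis machine. A non-empty `broken` list means the copy is damaged (often a partial download or an incomplete extraction) and no amount of debugging will make it run; an empty `broken` list with entries in `packed_sections` or `anti_analysis` points to the next step: unpack, or set breakpoints on the named APIs and strings in a debugger and watch which check fails. If neither list says anything, the static pass has told you what it can and the answer has to come from dynamic tracing.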

  2. #2
    Kayaker
    Hi, welcome to the board. You're welcome to attach the file if you wish and I'm sure someone will take a look at it. Just zip and password protect the attachment (i.e. password "malware" or something).

