begood Posted May 30, 2010

This video will show you how to analyze malware with free tools that are available on the internet. The tools used are Sysinternals, Regshot and Wireshark. This video was created by netinfinity (net.infinitum [] gmail [] com).

Simple Malware Analyzing Tutorial
Nytro Posted May 30, 2010

Yes, interesting... But the best approach:

1) Scan it on VirusTotal.
2) On VirtualBox, first run the program inside a sandbox. If it doesn't open, it's clearly suspect.
3) Open Process Monitor with a filter for that file.
4) Open Wireshark.
5) Run the file.
6) Check in Task Manager whether the process is still active after a little while.
7) Open Autoruns and check whether, and where, it has added itself to startup.
8) Check in Wireshark whether it sent/received any packets (or preferably CommView, where you can set a filter for a specific process).
9) Analyze the Process Monitor output, where you can see everything the little program did.

There's a lot more you can do; these are just the basics. Often, a file gets copied to a certain location and that file is run, so that file will have to be analyzed as well.
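Steps 6 to 9 of the checklist above, as an added example that is not part of the thread: a Python script that reads a Process Monitor CSV export (File > Save > CSV), starts from the same "Process Name is sample.exe" filter you would set in ProcMon, follows the sample into any process it creates, and lists dropped files, start-up registry entries, network connections and which tracked PIDs are still alive. The log lines, paths, PIDs and the 203.0.113.5 address are constructed for the example; the list of persistence keys is an assumed subset of what Autoruns covers.

```python
"""Added example (not from the thread): triage a Process Monitor CSV export so
the checklist becomes a repeatable check instead of scrolling through events."""
import csv
import io
import re

# Constructed sample in ProcMon's CSV export layout. The paths, PIDs and the
# 203.0.113.5 address are made up for this example.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.0000001","sample.exe","1234","CreateFile","C:\Users\lab\AppData\Roaming\svchost32.exe","SUCCESS","Desired Access: Generic Write, Disposition: OverwriteIf, OpenResult: Created"
"10:01:02.0000002","sample.exe","1234","WriteFile","C:\Users\lab\AppData\Roaming\svchost32.exe","SUCCESS","Offset: 0, Length: 65536"
"10:01:02.0000003","sample.exe","1234","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS","Type: REG_SZ, Length: 92, Data: C:\Users\lab\AppData\Roaming\svchost32.exe"
"10:01:02.0000004","sample.exe","1234","Process Create","C:\Users\lab\AppData\Roaming\svchost32.exe","SUCCESS","PID: 2468, Command line: C:\Users\lab\AppData\Roaming\svchost32.exe /silent"
"10:01:02.0000005","sample.exe","1234","Process Exit","","SUCCESS","Exit Status: 0"
"10:01:03.0000001","svchost32.exe","2468","TCP Connect","lab-vm:49713 -> 203.0.113.5:8080","SUCCESS","Length: 0, seqnum: 0, connid: 0"
"10:01:03.0000002","svchost32.exe","2468","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName","SUCCESS","Type: REG_SZ, Length: 40, Data: Windows 7 Professional"
"10:01:03.0000003","svchost32.exe","2468","CreateFile","C:\Windows\System32\kernel32.dll","SUCCESS","Desired Access: Read Data/List Directory, Disposition: Open, OpenResult: Opened"
'''

# Registry locations Autoruns would list as start-up entries. This is an
# assumed, partial list; extend it with whatever your Autoruns output shows.
PERSISTENCE_RE = re.compile(
    r"\\CurrentVersion\\(Run|RunOnce|RunServices)\\"
    r"|\\CurrentVersion\\Winlogon\\(Shell|Userinit)"
    r"|\\CurrentControlSet\\Services\\",
    re.IGNORECASE,
)


def triage_procmon(csv_text, process_name):
    """Summarise what one sample (and the processes it spawns) did: files it
    wrote, start-up keys it set, children, network, and which PIDs never exited."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    # Seed with every PID that ran under the sample's name, then widen to any
    # PID the sample creates: the dropped copy is usually where the behaviour is.
    tracked = {r["PID"] for r in rows if r["Process Name"].lower() == process_name.lower()}
    report = {"dropped_files": [], "persistence": [], "child_processes": [],
              "network": [], "still_running": []}
    exited = set()
    for r in rows:
        if r["PID"] not in tracked or r["Result"] != "SUCCESS":
            continue
        op, path, detail = r["Operation"], r["Path"], r["Detail"]
        if op == "WriteFile" or (op == "CreateFile" and "OpenResult: Created" in detail):
            if path not in report["dropped_files"]:
                report["dropped_files"].append(path)          # step 9: the file to analyze next
        elif op == "RegSetValue" and PERSISTENCE_RE.search(path):
            report["persistence"].append((path, detail.split("Data: ", 1)[-1]))  # step 7
        elif op == "Process Create":
            m = re.search(r"PID:\s*(\d+)", detail)
            if m:
                tracked.add(m.group(1))                       # follow the child from here on
            report["child_processes"].append((path, detail))
        elif op.startswith(("TCP", "UDP")):
            report["network"].append((op, path))              # step 8: compare with Wireshark
        elif op == "Process Exit":
            exited.add(r["PID"])
    report["still_running"] = sorted(tracked - exited)        # step 6
    return report


if __name__ == "__main__":
    for key, value in triage_procmon(SAMPLE_CSV, "sample.exe").items():
        print(key)
        for item in value:
            print("   ", item)
```

On a real capture, load the saved CSV and pass the sample's executable name; every entry in `dropped_files` is a candidate for step 1 (hash it and check VirusTotal) and for a second run of the same checklist. Only events with Result SUCCESS are counted, so failed write attempts to protected locations are ignored; drop that condition if you also want to see what the sample tried and was refused.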
bcman Posted May 30, 2010

Or, even simpler, upload it to ThreatExpert or Sunbelt Sandbox. Thanks anyway. Very useful and interesting; I needed this. Can you put all these tools in RST Core Project?

begood Posted May 30, 2010

> Or, even simpler, upload it to ThreatExpert or Sunbelt Sandbox. Thanks anyway. Very useful and interesting; I needed this. Can you put all these tools in RST Core Project?

They already are.

bcman Posted May 30, 2010

In the new version, or how?

begood Posted May 30, 2010

> In the new version, or how?

Yes. The thing is, I considered the first version an alpha, for testing; I haven't "officially" published anything yet. When I finish organizing the package, and have the time, I'll release the first version of RSTcore.

bcman Posted May 30, 2010

I hope it turns out as good as possible. The current version has been very useful to me.