Penetration Testing mailing list archives
Re: [PEN-TEST] Suspect .EXE Trojan
From: Yonatan Bokovza <Yonatan () XPERT COM>
Date: Thu, 14 Dec 2000 21:34:18 +0200
-----Original Message-----
From: Ruso, Anthony [mailto:aruso () POSITRON QC CA]
Sent: Thursday, December 14, 2000 8:59 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Suspect .EXE Trojan

Hi,

I have a suspect executable that I think may be a Trojan. A search on the .exe doesn't return any result with any virus vendor. Are there any tools that would allow me to execute the file in isolation and actually see what's going on?
If I remember correctly, eSafe had, a long, long time ago, some sandbox capabilities. I don't know where it stands today.
The file was already executed on two workstations and it killed Outlook in both cases. I know I can use Tripwire and similar products to see what files it makes changes to, but I don't want to risk killing Outlook again.
How about disassembling it? Or at least searching for strings in it.
Thanks,
Anthony Ruso
Best Regards,
Yonatan Bokovza
IT Security Consultant.
yonatan () xpert com
Xpert Trusted Systems
972-9-9522361
Shenkar 1, Herzlia Pituach
Israel.
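
The string search suggested in the reply above, as an added example that is not part of the original message: it reads the file as bytes without ever executing it, pulls out both ASCII and UTF-16LE runs, and groups the ones that match a few triage hints. The hint categories and the `SAMPLE` bytes are constructed for this illustration.

```python
import re
import sys

MIN_LEN = 5  # shortest printable run worth reporting
ASCII_RE = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RE = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)  # Windows "wide" strings

# Assumed triage hints, chosen for this example; extend them to suit the case.
HINTS = {
    "mail": re.compile(r"outlook|mapi|\.pst|smtp", re.I),
    "network": re.compile(r"https?://|ftp://|\b\d{1,3}(?:\.\d{1,3}){3}\b", re.I),
    "persistence": re.compile(r"CurrentVersion\\Run|win\.ini|autoexec", re.I),
    "process": re.compile(r"TerminateProcess|CreateProcess|WinExec|ShellExecute"),
}

def extract_strings(data):
    """Return sorted (offset, encoding, text) for each printable run in data."""
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ASCII_RE.finditer(data)]
    found += [(m.start(), "utf16le", m.group().decode("utf-16-le"))
              for m in UTF16_RE.finditer(data)]
    return sorted(found)

def triage(data):
    """Group extracted strings by the hint category they match."""
    hits = {}
    for off, enc, text in extract_strings(data):
        for category, pattern in HINTS.items():
            if pattern.search(text):
                hits.setdefault(category, []).append((off, enc, text))
    return hits

# Constructed sample bytes (not a real executable), used when no path is given.
SAMPLE = (b"MZ\x90\x00\x03\x00"
          b"This program cannot be run in DOS mode.\r\n$\x00"
          b"\x00\x01\x02TerminateProcess\x00\x00"
          + "OUTLOOK.EXE".encode("utf-16-le") + b"\x00\x00"
          b"\xff\xfeSoftware\\Microsoft\\Windows\\CurrentVersion\\Run\x00")

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for category, items in sorted(triage(data).items()):
        for off, enc, text in items:
            print(f"{category:12} 0x{off:08x} {enc:8} {text}")
```

A packed or encrypted binary will yield few meaningful strings, which is itself a finding worth noting before moving on to disassembly.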