From: Lars Troen (Lars.Troen@sit.no)
Date: Fri Jul 29 2005 - 13:57:04 EDT
>
> Anyhow, the site at http://virusscan.jotti.org/ will probably
> be of use.
> In the event that the previous site was not able to classify
> the suspected malware, I recommended running it on a separate
> box (or VM) and following it's execution with softice, strace
Another free service that can be used is Norman sandbox
(http://sandbox.norman.com/). It's running the provided application
inside a windows VM and reporting it's actions regarding registry, file
system, network and it's actions against many common applications. I've
used it many times where I'm in posession of a suspicios file and most
of the time it can tell me what it does. It will also report if this is
a known virus. But don't trust it blindly. I had an .exe file that I
found to contact a russian irc server, registering itself in windows
startup etc, but Norman didn't find anything so it might be possible to
fool Norman sandbox too. But this service is still very useful to
finding out what an application does.
Lars
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:40 EDT