
EXE file analyzer


4 replies to this topic

#1 smccain

smccain

  • Members
  • 5 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:33 AM

Posted 21 February 2014 - 11:23 AM

With apologies if this is an old topic revisited:

 

Last night I wrapped up a painful struggle against a pernicious infection on a SQL Server machine (running Windows 2003 Server and SQL Server 2000).

I'm not ready to declare victory, but the tide has turned and for now at least I'm able to shift some attention away from direct combat and toward understanding causes and effects of my failure.

 

I have a number of files that were being called to instantiate/re-instantiate the malware.

Some of those files are non-compiled scripts, which I can review pretty easily.

 

Some of these are compiled .exe files.

 

Interestingly, none of the tools I used -- including Malwarebytes, Kaspersky and Symantec -- identify these executables as viruses. Since I know these files were being instantiated by the intruders, I find that unsettling. Furthermore, I can see these .exe files reaching out to IP addresses that have nothing to do with the server's purpose.

 

At any rate, I'm wondering if anyone knows of a service that can analyze compiled executables and determine what they're doing / attempting to do.

 

If not, I'll try to do something with a virtual machine. But I'm not an expert and ... I guess I'm wondering if such a person/group/service exists either to do the testing or a resource to advise somebody who may want to do such testing.


Edited by smccain, 21 February 2014 - 11:31 AM.




#2 SpywareDoctor

SpywareDoctor

  • Members
  • 256 posts
  • OFFLINE
  • Local time:03:33 AM

Posted 21 February 2014 - 01:16 PM

https://www.virustotal.com/



#3 smccain

smccain
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:33 AM

Posted 21 February 2014 - 01:34 PM

Good stuff.

Bless you and thanks, SpywareDoctor.

 

Not only does virustotal confirm the "badness" of the files, but it also gives me some names to research as to what the infected files were doing.

 

You're a golden god.

 

Thanks again!



#4 SpywareDoctor

SpywareDoctor

  • Members
  • 256 posts
  • OFFLINE
  • Local time:03:33 AM

Posted 21 February 2014 - 01:36 PM

No problem. :)



#5 Sneakycyber

Sneakycyber

    Network Engineer


  • BC Advisor
  • 6,135 posts
  • OFFLINE
  • Gender:Male
  • Location:Ohio
  • Local time:02:33 AM

Posted 21 February 2014 - 05:52 PM

:clapping:


Chad Mockensturm 
Network Engineer
Certified CompTia Network +, A +



