How To Proceed With A Very Doubtful Application Sent From A Freelance?


12 replies to this topic

#1 np2015

  • Members

Posted 29 September 2015 - 03:54 PM

Hi,

A freelance developer has to send me an application he developed for me.
I found this person on the internet and don't know much about him.
I highly suspect these files might either be infected or hide a feature that transfers data of mine to an external server.
So I really want to make sure that:
1. the files he sends me are not infected
2. the files he sends me can't include a trojan
3. the application he sends me can't communicate with the internet to steal information from my PC (this application should not need internet to work).
How do you recommend proceeding in this specific case?

Thank you

PS: I use Windows 10, 64 bits, and I use Bitdefender Antivirus Plus 2015.
I don't use other security program or firewall. If I should, feel free to let me know what you recommend.




#2 buddy215

  • Moderator

Posted 29 September 2015 - 04:23 PM

If it is less than 128MB in size you can have the files scanned by multiple security programs at VirusTotal - Free Online Virus and Malware Scan for 'known' malware....not necessarily something new.

Even if nothing is found to be malicious does not guarantee there is nothing malicious in the files. It also doesn't mean the application would perform successfully and not cause damage. How to Safely Test Software Without Messing Up Your System


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 Gorbulan

  • Members

Posted 29 September 2015 - 04:56 PM

I recommend setting up a virtual machine. That way you can test it to your heart's delight without it messing up your actual machine. buddy215 posted a good link with plenty of information.



#4 shelf life

  • Malware Response Team

Posted 29 September 2015 - 04:56 PM

Short of getting a crash course in using some tools, I know of one online scan that may provide a little more info that might be useful to know. I know there are more but this one comes to mind.

https://anubis.iseclab.org/

You might try this one also:

https://www.metascan-online.com/#!/scan-file

another:

http://www.threatexpert.com/submit.aspx


Edited by shelf life, 29 September 2015 - 07:20 PM.

How Can I Reduce My Risk to Malware?


#5 Sintharius

  • Members

Posted 29 September 2015 - 04:58 PM

You can upload it to malwr.com which offers stealth virtualization (to counter possible anti-VM mechanisms) for both static and dynamic analysis, but then you will need to know how to interpret the results.

VirusTotal checks the file against multiple AV & AM engines, but it is signature detection only so it can miss unknown malware.

#6 np2015

  • Topic Starter
  • Members

Posted 01 October 2015 - 12:38 PM

Thank you guys for your tips!

I thought about something:

Question 1:
Do you think it would be safer to ask the developer to send me the source code, so that I build the exe file myself?

Question 2:
If the answer is YES: before building the .exe, I guess I need to check everything's OK in the code.
But I am a noob in coding. Never did that in my life, although I have some knowledge in computers/IT.
So the next question would be: how do you check everything's safe in the source code???



#7 quietman7

  • Global Moderator

Posted 01 October 2015 - 08:49 PM

> I recommend setting up a virtual machine. That way you can test it to your heart's delight without it messing up your actual machine....

Be aware that not all malware will work in that environment by intention. Malware writers have been able to create malicious files which can detect if it is running in a virtual machine (VM). When detected as such, the malware is able to change its behavior by not running any malicious code which can infect the operating system. This is a deliberate technique to make analysis/detection more difficult for security researchers who use VMs to study infections in order to understand the attack methodology used and develop disinfection solutions. So just because you test a program in a VM and it does not behave maliciously...that does not necessarily mean it is not malicious.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#8 Gorbulan

  • Members

Posted 02 October 2015 - 11:22 AM

 

> > I recommend setting up a virtual machine. That way you can test it to your heart's delight without it messing up your actual machine....
>
> Be aware that not all malware will work in that environment by intention. Malware writers have been able to create malicious files which can detect if it is running in a virtual machine (VM). When detected as such, the malware is able to change its behavior by not running any malicious code which can infect the operating system. This is a deliberate technique to make analysis/detection more difficult for security researchers who use VMs to study infections in order to understand the attack methodology used and develop disinfection solutions. So just because you test a program in a VM and it does not behave maliciously...that does not necessarily mean it is not malicious.

 

 

The malware knows it is being tested? Did Volkswagen write it? 



#9 RolandJS

  • Members

Posted 02 October 2015 - 11:27 AM

Quietman7, +1 on what you said! Question: just because an EXE resides in a VM, can it still affect or have an effect upon data files residing outside of the VM? I only have some experience with V/Windows XP Mode; I can copy into VM and copy out of VM some things.


Edited by RolandJS, 03 October 2015 - 10:02 AM.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)


#10 quietman7

  • Global Moderator

Posted 02 October 2015 - 02:25 PM

Virtual machines are also “sandboxed” from the rest of your system, which means that software inside a virtual machine can’t escape the virtual machine and tamper with the rest of your system. A virtual machine can be a good place to test out programs you don’t trust and see what they do. For example, when the “Hi, we’re from Windows” scammers came calling, we ran their software in a virtual machine to see what they would actually do — the virtual machine prevented the scammers from accessing the computer’s real operating system and files.

Beginner Geek: How to Use Virtual Machines

#11 RolandJS

  • Members

Posted 03 October 2015 - 10:04 AM

+1; however, within Windows XP mode, I was able to copy into and copy out of said VM. Is it possible that some EXE within a VM can do likewise? The files being copied into and copied out of said VM were either install EXEs or data files.


#12 quietman7

  • Global Moderator

Posted 03 October 2015 - 12:40 PM

I have learned that almost anything is possible but that does not mean it is likely.

You as the user are in control of the virtual environment and what is done. I suppose a hacker who has remote control of your system could do malicious things but if that were the case, I don't think you're the type who would not notice something is awry with your system.

#13 Didier Stevens

  • BC Advisor

Posted 12 October 2015 - 12:55 PM

> Thank you guys for your tips!
>
> I thought about something:
>
> Question 1:
> Do you think it would be safer to ask the developer to send me the source code, so that I build the exe file myself?
>
> Question 2:
> If the answer is YES: before building the .exe, I guess I need to check everything's OK in the code.
> But I am a noob in coding. Never did that in my life, although I have some knowledge in computers/IT.
> So the next question would be: how do you check everything's safe in the source code???

 

Didn't your contract with that person include the source code?

What language is it written in?


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
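
Added example, not part of any post in this thread: a PowerShell pre-run check for the situation in the original question (Windows 10, an executable from an unknown developer that should not need network access). The `$Path` parameter and the firewall rule names are placeholders chosen here; the 128MB figure is the VirusTotal limit quoted in post #2.

```powershell
# Added example. $Path is a placeholder for the received executable.
param(
    [Parameter(Mandatory)] [string] $Path
)

$file = Get-Item -LiteralPath $Path -ErrorAction Stop

# SHA-256 of the file: the hash can be searched on VirusTotal without
# uploading the file itself.
$hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

# Authenticode status: 'NotSigned' is common for bespoke software,
# 'HashMismatch' means the file was altered after it was signed.
$sig = Get-AuthenticodeSignature -LiteralPath $file.FullName

# Block all traffic for this program before it is started for the first time.
# Needs an elevated prompt and Windows Firewall turned on.
$rules = foreach ($direction in 'Outbound', 'Inbound') {
    New-NetFirewallRule `
        -DisplayName "Untrusted app - block $direction - $($file.Name)" `
        -Direction $direction -Program $file.FullName `
        -Action Block -Profile Any
}

# Summary object for the record; nothing here executes the file.
[pscustomobject]@{
    File            = $file.FullName
    SHA256          = $hash
    # 128MB is the VirusTotal size limit quoted in post #2 of the thread.
    FitsUploadLimit = $file.Length -lt 128MB
    SignatureStatus = $sig.Status
    Signer          = $sig.SignerCertificate.Subject
    FirewallRules   = $rules.DisplayName
}
```

A per-program firewall rule covers only that executable path, so anything the program launches from another path is not blocked; running it in a virtual machine with the network adapter disabled is the stronger control.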




