Run the file in an isolated environment and track it

I have a file that may be a virus. I would like to execute the file in some form of sandbox and track which files it is trying to modify or basically everything that it is trying to do. What software tools and knowledge do I need for this?

My system is Windows 7.

+3
3 answers

I will try to see this in the context of programming as reverse engineering. Here are some things you could do:

  • Get an idea of which APIs are called using the depends.exe file from the Microsoft SDK. You can also see what characters it refers to.
  • procexp.exe/tcpview.exe/filemon.exe/regmon http://www.sysinternals.com, .
  • WinDbg Microsoft, , .

, , . , , , .

+4

Microsoft Virtual PC / VMWare.
/.

, . Google: sysinternals .

+1

Several options that provide an "isolated" environment. (Was this a question right? No, if you can run it in a virtual machine).

0

Source: https://habr.com/ru/post/1732696/

