What would happen?

Hi :slight_smile:

Can you tell me what would happen if I open/run a malware file on my PC? If I run a malware file in Comodo Sandbox, is there any chance it could harm my computer, and how can I run a file in Comodo sandbox?

Virustotal: http://www.virustotal.com/sl/analisis/8ae9c192036448c7a0ff5e6cb0f011d36bf2b813b9f096bc413832747e31b017-1270680541

Camas.comodo: http://camas.comodo.com/cgi-bin/submit?file=8ae9c192036448c7a0ff5e6cb0f011d36bf2b813b9f096bc413832747e31b017

Have a nice day. :slight_smile:

No one can really answer that, as they would need to know what the malware was. If it relates to the VT results, most of the detections consider it a trojan dropper or backdoor (or keylogger), which could open up your system to almost anything.

Sandboxes aren’t infallible; some sandboxes allow for passage to the non-sandboxed area, so it depends on what sandbox is being used and what its settings are.

Hi JuninhoSlo,

If you have an old computer that you can spare for this and it is in an isolated situation (not on an Intranet or the Internet), you can experiment away in a virtual environment and run the risk of ruining the OS or being left with a machine fit as a doorstopper only. If you know enough Assembly to know what the code is doing, or you take all (don’t leave a single one behind inside the code) the “eval”s and “write-document”s out, you have a chance that it won’t spill from the sandbox to do harm.

In case of these experiments it greatly helps to run under normal user rights and with NoScript and Request Policy installed in the browser, or use the Malzilla malware browser tool; it was specifically developed for these malcode “experiments”. This is no job for the inexperienced or someone that is not an expert. "You would not take a live virus to inspect in the kitchen sink of your home environment either, would you?" Reverse engineering and dissecting malware needs a specific lab environment under strict precautionary circumstances.

polonus

I wouldn’t trust a sandbox for that >>> a VM is the way to go for testing malware (remains why you’d want to test malware at all…)
One last word on Avast and Comodo sandboxes: they’re very new, I personally have no idea of how secure they are, especially in 64 bit OS. I gave a try to Comodo sandbox, it’s a disaster (crashes). At least, programs sandboxed with Avast run ;)… but in terms of security, we’re in the dark for both of them.

Hi JuninhoSlo,

If you want to be into this for real read: https://www.eviloctal.com/thread-17210-1-1.html
http://forum.avast.com/index.php?topic=55947.0
and http://forum.avast.com/index.php?topic=58073.0
For Malzilla, use a normal user account, and have a decent grasp of Assembly to have an understanding beforehand of what the code is going to perform when it runs and, more so, what to alter to make it ineffective. There are tools where you can run script and it gives you an insight into the danger there (eval, etc. etc.). Also visit a site like this to learn:
www.woodmann.com/ with various resources on reverse engineering.

polonus

Hi :slight_smile:

I won’t be doing those things, it’s too dangerous for me. :smiley: I think it’s better to run that file in a virtual mode. Anyway I use VB.

Have a nice day. :slight_smile:

The problem is that VT only operates a standard on-demand scan so unless it is detected by signature it may not be found to be infected.

There are other file analysis tools, which might provide a more complete analysis on what the file does.

For .exe files http://anubis.iseclab.org/?action=home and http://camas.comodo.com/cgi-bin/submit.