anyone got a sandbox or vc to test this in ?


DLSS

yeah i got sent a link to this exe by someone who's clearly been infected with an msn virus

seeing i got this message while she was in offline mode and doesn't speak english :

(6:15:19 PM) [(F)Sanne...                                    [Christophe(K)...: http://photo.msn.isuisse.com/?photo=dlss2smart

(6:15:20 PM) [(F)Sanne...                                    [Christophe(K)...: your photos are published on this site :S

i dloaded it n did a scan but weirdly enough it passes the av test ...

of course i'm not stupid enough to execute it , but am rly wondering what it'd do , anyone got a sandbox or vc to test it in ?

peace, DLSS

update : yeah as if it wasn't obvious enough she was infected i now got this XD

(6:39:04 PM) [(F)Sanne...                                    [Christophe(K)...: enlarge your penis almost 4 free !! look at htdo not click thistp://wdo not click thisww.124rhsaf.com

(6:39:04 PM) [(F)Sanne...                                    [Christophe(K)...: enlarge your penis almost 4 free !! look at htdo not click thistp://wdo not click thisww.124rhsaf.com

(6:39:04 PM) [(F)Sanne...                                    [Christophe(K)...: enlarge your penis almost 4 free !! look at htdo not click thistp://wwdo not click thisw.124rhsaf.com

(i added the do not click this )

someone's gonna get kicked off of my msn list ...

I did a Scan with SuperScan (uses the engines of several AV's), and it says it has "HackTool.A".
hm weird my avast didn't give a kick ...

thnx m8 i'll check tht out right now :p

*upd8* hey you reckon the guy in the jpg is the creator ?

I did a Scan with SuperScan (uses the engines of several AV's), and it says it has "HackTool.A".

hm weird my avast didn't give a kick ...

thnx m8 i'll check tht out right now :p

Yea, the services.txt file is the executable. Do Not Run It locally! But go ahead and dissect it or VM it if you want to see what it's doing. I just got a new pc, so I still need to reinstall Windows in a VM to test the file. Best thing is to wireshark it and see what it's trying to connect to on the internet and see if you can get its logon and password to the site it's trying to reach.

I have a question that is a little off topic, but I just recently started using Sandboxie and was wondering if I can load a different OS in it?

No, it integrates with your Windows installation. You would have to use a Virtual Machine.

No, it integrates with your Windows installation. You would have to use a Virtual Machine.

QFE! Everything that runs in Sandboxie does so by making a shadow registry and path environment. Also, it tries to isolate running code in memory. It has no way to load an OS, just programs based on the current OS it's running inside of, since it mimics the Windows registry and folder layout. You would need a hypervisor to load a full OS, like VMware, Microsoft Virtual PC, etc.
