Today is Sunday, 5th February 2012

Secure alternatives for analysing .exe binaries

Today I'll briefly describe three alternatives for analysing binary files.

When we had a suspicious binary file, we used to have two options:

- The first, and not recommended: run it and hope that it only "infects" everyone else ;)

- The second: run it on a virtualized Windows system while we monitor it with tools such as Filemon, Regmon, Wireshark...

Recently I've found a quicker approach, and it could help us in some cases.

With Virustotal we can analyse a file with several antivirus engines at the same time, and it will give us an indication of the type of file we are dealing with. The site is a creation of Hispasec Systems, a very good reference from my point of view.
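Before uploading anything it helps to fingerprint the suspect file locally: its hashes (a scanner service can be queried by hash, so a file that is already known need not be uploaded at all, which matters when the file may be confidential) and whether it really is a PE executable, for which architecture, and whether it is an EXE or a DLL. The script below is an added example and is not part of the original post or of any of the tools it mentions; it uses only the Python standard library and runs on a constructed, minimal PE-like byte string that stands in for the suspect file. The `MACHINES` table and the `IMAGE_FILE_DLL` flag are the values from the PE/COFF specification; the `build_sample_pe` helper and the `unknown(0x....)` label are this example's own.

```python
import hashlib
import struct

# COFF "Machine" values from the PE/COFF specification
MACHINES = {0x014C: "x86", 0x8664: "x64", 0x01C0: "ARM", 0xAA64: "ARM64"}
IMAGE_FILE_DLL = 0x2000   # Characteristics flag: image is a DLL


def file_hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the file: enough to look it up in a scanner
    database without sending the file itself anywhere."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def identify_pe(data: bytes) -> dict:
    """Cheap local triage: is this really a PE file, and what kind?"""
    info = {"type": "unknown", "machine": None, "sections": 0, "is_dll": None}
    # Every PE starts with a 64-byte DOS header whose first two bytes are 'MZ'
    if len(data) < 0x40 or data[:2] != b"MZ":
        return info
    # e_lfanew at offset 0x3C points at the "PE\0\0" signature
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        info["type"] = "mz-only"      # plain DOS program, or truncated/corrupt PE
        return info
    # The 20-byte COFF file header follows the signature
    machine, nsections, _ts, _symptr, _nsyms, _optsize, flags = \
        struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    info.update(type="pe",
                machine=MACHINES.get(machine, f"unknown(0x{machine:04x})"),
                sections=nsections,
                is_dll=bool(flags & IMAGE_FILE_DLL))
    return info


def build_sample_pe() -> bytes:
    """Constructed stand-in for a suspect file: a DOS header, padding, then a
    PE signature and COFF header describing a 32-bit EXE with one section.
    It is not a runnable program, just enough header to exercise the parser."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)              # e_lfanew = 0x80
    # Machine=i386, 1 section, optional header size 0xE0,
    # Characteristics = EXECUTABLE_IMAGE | 32BIT_MACHINE (no DLL flag)
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 0xE0, 0x0102)
    return bytes(dos) + b"\0" * (0x80 - 0x40) + b"PE\0\0" + coff + b"\0" * 0xE0


def triage(data: bytes) -> dict:
    """Everything worth noting down before the file leaves the analysis box."""
    return {"hashes": file_hashes(data), "pe": identify_pe(data)}


if __name__ == "__main__":
    import sys
    # Pass a real file path to triage it; with no argument the constructed sample is used
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage(data).items():
        print(key, value)
```

A file that claims to be an .exe but comes back as `unknown` or `mz-only` is itself a useful signal, and the hashes are what you record alongside the sandbox reports so the three sources of information can be correlated later.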

With Joebox we have a sandbox at our disposal: we can run the executable in a secure virtual environment, and it will give us traces with information about its behaviour. This virtual environment is easy to deploy and offers the same security guarantees as a virtual machine with an independent operating system.

The Anubis online service will analyse the binary file and send us a report about its behaviour. It is a good complement to any sandbox, since it lets us contrast the information.
