When we had suspected about binary file, we’ve had two options:

- First one and not recomendable, running and thinking that it only get “infected” the others

- Second one, to have a Windows system virtualized, run it there while we monitorize it with tools as Filemon, Regmon, wireshark…

Recently, I’ve found one quickly way, and it could help us in some cases.

• VirusTotal - http://www.virustotal.com/es/
• Joebox - http://www.joebox.org/
• Anubis - http://anubis.iseclab.org/

We can analyse files with several antivirus engines at the same time with Virustotal, it will give us a orientation about file types that you use. This web is a Hispasec Systems creation, very good reference from my point of view.

With Joebox, we’ll have a sandbox installed, we can run the executable in a secure virtual environment. It’ll give us traces with information about the behavior. This virtual environment is easy to deploy and with same security guarantees that a virtual machine with independent operating system.

Anubis online service will analyse the binary file, and it will send us a report about its behavior. A good complement to any sandbox, it’ll allow us to contrast the information.

findstr

Leyendo más sobre él, puedo concluir que tiene la apariencia de grep, que ni hablo del sed , pero con menos potencia:

findstr [/b] [/e] [/l] [/r] [/s] [/i] [/x] [/v] [/n] [/m] [/o] [/p] [/offline] [/g:file] [/f:file] [/c:string] [/d:dirlist] [/a:ColorAttribute] [strings] [[Drive:][Path] FileName [...]]

Ey!, que nos deja poner algunas expresiones regulares:

Referencias – http://www.microsoft.com/