What is generic table API?
Where can i download GenericTable.exe from?

While reading the book by Eldad Eilam, i needed to download the code for the book and I see this instruction at the publishers site:
" PLEASE READ BEFORE DOWNLOADING THIS FILE
Backdoor.Hacarmy.D: This is a Trojan/backdoor type malware program that was distributed in 2004. It is non-contagious, but it connects to a central server through which an attacker could theoretically connect to the infected system and control or damage it. The central servers have been taken down long ago, so in its current state the program should be nonetheless harmless. It is not advisable to install the program on a system unless that system was specifically installed for testing purposes and is detached from the network. ”

Can i ignore the caution and download the file?

Thank you…

Always use virtual machines (containing no important, sensitive or valuable data) for malware analysis, and wipe them immediately after the analysis (e.g. with virtual disk snapshots).

could you please explain in few words what a virtual machine is . how /where to get one..
Hope im not asking too much.

--Ego

Research the following tools, and you will know:

http://www.woodmann.com/collaborative/tools/Category:Virtual_Machines

@jackall: Question 3 About the Eldad book: In his materials he included some malware as an example. It WILL be detected and zapped by any antivirus you have active. On the other hand, the files are clearly marked. You will not get infected without your knowledge, so go ahead and d/l the files. Follow dELTAs advice and do all your stuff inside a VM, which you can isolate from the network, run without antivirus, and wipe clean when you are done.

Regarding Questions 1 and 2. . . Not clear at all. could you provide more context??

naides …
You seem to have right response geared up for every topic placed here.

i followed your earlier advice and moved to bcc32 with Borland C++. initially i disliked it, especially of the command line part of it. iam getting used to it i‘am beginning to see the sense of your persuasion
(C +bcc32+ -v) is real visual delight of decompilation.

Back to the present, your clarification is very practical on the subject of the ‘malware’ i needed to download.

in the meantime, dELTA has thrown in another tool ; Virtual machine ….
need to learn, how to use this weapon...

Regards…

Regarding Ego' s reply , i collected the following information from the net
Virtual Machine is an : "isolated duplicate of a real machine ".

Virtual machines are of two categories.
(A)-A system virtual machine provides a complete system platform which supports the execution of a complete operating system .
(B)-A process virtual machine is designed to run a single program, which means that it supports a single process.

An essential characteristic of a virtual machine is that the software running inside is limited to the resources and abstractions provided by the virtual machine .

i have no idea how to or what VM is used for – may be someone could give additional information to this point .
-hope these helps--

i have got the GenericTable.exe downloaded and iam attaching a copy .
i havenot opened it in my system. in case you open it without using a VM,let me also know the result .

I have moved this Thread to this Forum because of the subject matter. We do not want a Newbie thoughtlessly downloading a Trojan Horse, even a wooden one, without understanding what they may actually be doing.

Regards,

Few hours before I didn’t know what a Virtual Machine was. Now iam curious to know about it.
To get an idea about it, I suppose i need to download a process virtual machine.
I followed the link you have provided earlier but I couldn’t get a definite idea.
Please make a specific suggestion; the name of a Process Virtual Machine ?

thank you.

UPS! Now you get to hear from me, because you seem to think that "someone else" should do your basic research for YOU!

What the heck is wrong with YOUR favorite search engine? And it would be more productive if you pay attention to "small details." There is such a thing as a "Process Virtual Machine" which YOU can read up on, yourself, by putting that term in YOUR favorite search engine and YOU reading some of what YOU find.

However, dELTA suggested a "'virtual machine' (containing no important, sensitive or valuable data) for malware analysis, and wipe them immediately after the analysis (e.g. with virtual disk snapshots)", which is something "different" from a "process virtual machine." And YES, YOU can also put that term into YOUR favorite search engine and YOU read up on what you discover. And when YOU understand the similarities and the differences, YOU can go about "searching" for one you might be able to purchase or even download.

That's WHY the internet and internet search engines were invented. So YOU could find information YOU want/need and maybe even find the "tools" that you want/need.

Now how about YOU begin doing the work you should have originally done.

Learning is a "process" and it is not aided by "instant gratification" preceeded by zero effort.

Regards,

JMI-

i have been reading your ‘replies’ for quite some time in the past and those verbalization , i often felt concealed a prejudiced tendency probably generated out of certain inadequacies. i have taken the time to reply to your to suggestion articulated in your last post; so that what i put across here may impart a salubrious effect on your future offerings . My intention is not to make any one feel unnecessarily uncomfortable and painful (if sensitive).

One sends children to school and later on to college to learn. Questions are asked and answered or at least ignored for being irrelevant or for being beyond comprehension at that stage. One is not advised to sit back home and Google it.

Have you heard of Google? That is what t search engines are for?
That's WHY the internet and internet search engines were invented.
Learning is a "process" and it is not aided by "instant gratification" preceeded by zero effort.

These breed of comments are degenerating to sickening nauseating cliché.
I dislike such an atmosphere –

It seems that you are capable of moving data around. My last request to you thru this forum is remove my name and connected data from your data base. You won’t be hearing from me again…

Cheer up-

Actually, ego, I am already quite "cheery" and your revealing choice of username tends to confirm your attitude about the process of learning, rather than my own.

As with any "society," this one has a set of constructs, which may be loosely referred to as "Rules of Conduct," which we generally expect newly joining members to both read and observe in certain, rather basic ways, clearly spelled out in our frequently referenced "FAQ." I did not make these "Rules of Conduct" and do not have my personal ego attached to them, but I do attempt to "teach" what is expect of those who attempt to seek "knowledge" which may be available on these Forums. You are the one who made a "choice" to ignore clearly spelled out and fairly simple to follow "Rules of Conduct" for "this particular society". This speaks more clearly about your attitude, than my own.

Speaking as a parent of grown and educated children, we actually send our children to school, and perhaps to college, and sometimes beyond, hoping to expose them to the "process of learning." What we hope for is that "they" acquire the skill set necessary to succeed at "the process of learning", so that it may become a life long journey of developing new and different interest which they may then pursue as their curiosity is aroused by new subject matter and interests.

Since learning is, indeed, a "process," simply giving an answer to a question if often not the "better" course of response, and is certainly not the "best" response to a question which demonstrates lack of personal effort at discovering an answer which would be readily discoverable with the application of a minimum of personal effort.

It is somewhat similar to the old adage: “Give a man a fish; you have fed him for today. Teach a man to fish; and you have fed him for a lifetime." You apparently only wanted "food for your brain" for "right now" and I was attempting to teach you how to find "food for your brain" whenever you felt you needed some.

There is a famous play on words, widely attributed to Dorothy Parker, that "You can lead a whore to culture, but you can't make her think!" I was attempting to led you to "the path through the dark codewoods" where you would be able to find, or at the least, attempt to find, for and by yourself, answers to questions which "you" formulated and could have discovered, yourself, with just some minimal personal effort.

I told you to make such a personal effort both because it is "required" by those "Rules of Conduct" for these Forum and because it is, actually, the best way for you to learn what you sought. I attempted to assist you on that "path" by correcting an error of comprehension or interpretation which you had apparently made about the subject matter and tried to give you search criteria you could have utilized to find what you sought.


Regards,

I was only trying to help when i uploaded that file. It is as harmless as any other file.
It is unfortunate that it caused such a disorder resulting in the shifting of the topic to another section.

I did not change the file extension. I did not protect the file with a password. So, my post and the attachment could easily been deleted.

This Thread was moved here because the Thread starter began the discussion about a Trojan Horse, of the software variety, and inquired about downloading. I moved it to this Forum for that reason, and not specifically having anything to do with your attachment. Since he had mentioned the name of the Trojan, I wanted to be cautious about "newbies" searching for that particular file and downloading it without sufficient precautions.

There was no intent in any of my comments here to address criticism to your attachment.

Regards,

Will this blame game ever end..?
Is there no saner voice around..?

What would you prefer? Existentialism?

Since your original question seems to have been answered by naides and dELTA, following which, you went off to study virtual machines. What more do you seek or have to contribute? We await enlightenment!

Regards,

Ummm.... Ego, all you have to do is type in "Virtual Machine" in google and you'll get the results.

There are commercial virtual machines and open source ones.

If your purpose is to test trojans, you can find commercial virtual machines and their keygens flooding the web. If your purpose is to study the virtual machine itself, you can download the source for the open source virtual machines and study them.

There are also virtual machines that will load entire OS-es and others that will load just processes virtually.

You decide what's best for you.

And jackall, if someone can't type in two words in Google and search, and THEN if JMI has chided them, what's the problem?

However, I hope all's well that ends well and you guys keep coming to this board. Shucks! Its not a bad place at all... I've been here for more than 6 years here now...

Have Phun

Existentialism.
Iam not sure if it is a self reference or if you are addressing me as an existentialist.

Anyway...
Most of the people who are making use of this word would be rather confused if asked to explain its meaning. It has become a style(decades old) , for people to declare that ‘He is / iam an existentialist ‘.
The word is now so loosely used to mean so many things that it no longer means anything at all.

In spite of that...
If you are still seemed to be interested and if you need further “enlightenment “in this area which normally is a prerogative of intelligentsia , you may start with Frances Kafka’s “Metamorphosis “ .
I started reading it two years back and not completed yet.

Avoid treading over Existential Nihilism
Best wishes...

wow so many exotic words never knew these words could actually be used

regarding sending childrens to school to LEARN yes childrens are sent to school and during thier infant years they are made to memorize the alphabets whole kindergarten years are spent just to make 26 letters and 10 numerals imbibed forever in thier memory if one chooses to send his/her child to an english medium montessory

and the child never asks // is encouraged to ask // either by thier teachers // and or by thier parents/// or by thier classmates // buddies // WHY SHOULD I MEMORIZE// SING// KEEP ON ROTING// WRITE IMPOSITIONS // this shit 36 letters
the child never is let to ask why cant the teacher tell me what A or B or C or 1 or 2 "IS" every time i need an alphanum

and situation may arise in his / her lifetime where there might not be a teacher present

i simply didnt know what either salubrious or Existential really meant and i was searching google for an answer
and i dont consider myself deficient in English though im not a native Speaker of Queens Language

one may ask is googling possible every time
but since one is posting to forum it is assumed that he/she is connected to internet

and googling or yahooing or searching in general should be the first line of choice before posting a question

and that is what JMI was / is / will be telling/posting as a reply if the question in question doesnt look like a properly researched question

EGO to be frank i just googled your exact question




and following the first link you get to see microsofts vpc and a FREE download to start with
if you are going to say the manufacturers description / faqs/ blogs linked / white papers / are insufficient Even to Start With
then even god if he existed cant answer your question and probably would be redirecting you to google heaven

so there is nothing wrong or any inadequate nauseating cliches quoted over and over by anybody over here

one is simply asked to do thier own basic research and then ask a question where even we cant find the answer in google's first page listings

do you really think every one who answers here know the stuff by heart

NO 95 % of the time we google and quote googles answers as ours and we hate doing that

we enjoy only the 5 % remaining quetions that are real

we learn and the poster learns in the process and someone who is subsequently searching do learn

blabberer –

You need not know the meaning of the word salubrious nature; you are probably born with that quality or it is instilled by your parents and conditioned by the environment you grew up.

Let me site a relevant outcome :
In response to one of my earlier request, you started with the following line: “reference to bcc and OllyDbg that’s my playground” and subsequently you added more than 90 lines of instruction to it and ended with a screenshot of OD.
Why did you do that?
You taught me the use of MB_TOPMOST ?
Again the use of (-v ) with bcc32 ?
Why?
Are you still curious to know the meaning of salubrious nature?

Earlier a paraphrase of a phrase is used here that "You can lead a whore to culture, but you can't make her think!”.
How true it is.

Regards...

no iam not conducive enough

anyway google told me what it could mean and what else it could imply

Actually jackall, I'm substantially older than most of the members here.

I actually read some of the works by Nietzsche, Camus, Kierkegaard,and Kafka back during my university days in the mid to late 1960's. I even acted part of one of Kafka's plays for an acting class, but my major was history, not philosophy.

And since a "salubrious" nature refers to being "favorable to, or promoting health", perhaps you are confusing it with having a helpful nature. Health is generally not "instilled by one's parents," other than by their gene pool contributions or the environment in which they may have raised you.



Regards,

.... help cannot be instilled but helpful nature could be ....

i have the VMware-Server- installer 1.0.5 got downloaded but not installed yet . can you add a few more words to clarify the meaning of "isolate from net " and " wipe clean when you are done ".

Regards...

In fact using Virtualization products (specially vmware which is my favourite one) is quite intuitive : You can bridge virtual interfaces to your real interface so you can access the net from your virtualized OS, you can create virtual networks to connect your VM together.. As previously said it is not recommended to analyze some dangerous programs while sharing a connection with your host system or while connected to the net. You can also isolate the virtual machine from it's host (the real OS) by disactivating shared folders etc.. there's an entire menu for that kind of interest.

I guess "to wipe clean" means using the snapshot system: When you do a proper install of your virtual operating system and all the tools you need, you then do some snapshot of this environment (quite similary to ghosting a disk or a system restauration point if you're used to windows management). You do your nasty stuff on your nasty programs, when you're finished you can "revert" the virtual machine to its previous state: fresh and clean. You can do several snapshot corresponding to different state (clean, compromised, different confs..).

EDIT: If your wonders are only vmware-related i strongly suggest you to read the documentation and to browse the community forums. Good source of knowledge.

I have not played with VMware-Server, I do my stuff in VMware-Workstation but I would assume they are close enough.
This is what I mean one step at a time.
-Create a New Virtual Machine.
-Install your Windows OS, using your original CD or DVD, or better an ISO image (Is much faster reading from a hard drive that from a CD player)
-Install inside the VM your analysis tools, a skeleton collection of utilities.
-Save a copy of your VM: even if you fuck-up beyond recognition, you always have a backup to start again.
-now -use- your work version (Don't touch the backup version, you can always make new copies, which is nothing more than copying a folder in your computer).
-Setup a snapshot of your working VM
-Install your malware, time protected software, unknown stuff.
-If you want to prevent your VM from accessing the net, turn off the virtual network card.
-If you want to isolate your VM from your real machine completely, turn off the folder sharing and do not copy anything from the VM into the real machine.

Now you can experiment: Make snapshots often. If something goes wrong, you can back step 1 ,2 times, by deleting the current VM snapshot, activating a previous snapshot, and then correct your mistakes.

-Go Crazy: You can use VM for a lot of things beside RCE. You can have a virtual machine with all your p0rn inside it, You can make a copy of your real machine at work and install it on a VM, you can simultaneously run Windows XP, Windows VISTA, windows 98, Linux in all its flavors, switch back and forth at the click of a mouse. You can make movies in the visual as well as programmatic sense then replay. Your HD capacity is the limit. VM perform decently with some 10-25% overhead price in system resources. However, resource expensive parts of your hardware such as high end 3D videocards and 7.1 digital sound are not emulated so you will have to do your heavy gaming/multimedia in your real machine (at least for now).
Questions?

Silkut ..Thanks.

i neither have much of an idea of nor do i have that kind of a skill needed to analyze a malware.
i would go thru your post a couple of times more , may be i would gain a little more understanding . Perhaps it would make it a bit easier for me to understand the use of or how to use a VM .

Regards..

naides ..

You have provided tons and tons of information on V M .

i was feeling a bit unfocused and a little gloomy and your “ You can have a virtual machine with all your p0rn inside it “ , was exactly the kind assurance i needed at this moment .
And this makes me smile . you are a mind reader !.

Thank you….

I was following this thread from the beginning reading all posts and trying to understand the information made available here. So my entry to this specialized zone(Malware analysis &unpacking ) is not intentional ; my stay here is temporary ; I will be back to where I long ; newbie territory .

Discussion was, I thought about Virtual machine. Then I find the term -VM ware-Server- used. My impression of a server say a -Google server- is a large machine with many hard disks storing data of hundreds of web sites and it sends s a copy of this data to anyone request for it. How the term –Server- is used here if no such functionality exists here.

Silkut says

Let me see if I follow it - - A real interface say for example My keypad which is real can be ‘connected ‘ to a virtual keypad ( one that exist in essence but not in form ) . Similarly I can create hard disk; RAM and install Xp in that hard disk all virtual none has existence in form and but does all functions of a real one. Can I say something like making the image in mirror do the work for you ?

naides has given a number of ways a VM can be used for – especially the simultaneous running of Xp and Linux appeals to me most-.

I am a little out of my depth here, if this trespass annoys anyone, I may be excused.

Thank you-

Hello,

You can refer to the term "server" by meaning something else than server hardware/machine (server technologies for example are very specific to this side of computing). The term VMWare "server" is firstly a commercial term. But there is some differences between the "Workstation" and the "Server" product (ie server processors, a large amount of ram, specific technologies like RAID etc...), you can also run several VM at the same time, and you can -under vmware server- remotely manage those VM (And by remote I do not mean like a ssh/telnet/vpn tunnel through a network).
You can learn more about those differences here: http://en.wikipedia.org/wiki/VMware and on the official website.

What you did quoted from me is a tip for a very specific situation (the second one in the examples below):

1/ Imagine you have two virtual machines that you want to talk to each other, it would look like something like that.



2/ Now imagine you would like to make one of those VM talk to the Net through the real box (the host), it will look like something like that.



The connection to the Internet through the host and the WinXP is possible by bridging the common interfaces between the host and the WinXP.



When I use the word "interface" here, I mean network interface. You already have the example of a virtual keyboard: you have the real one on your desk, and you have a "software" one in Windows if you are somehow disabled. Virtual machines are working like that: you have your real box with your real proc, ram, disk etc.. and you have the virtualized one inside the real one, a software using the hardware to make an OS run inside a window, like an emulator.

If you're interested in them, google for some tuts, vmware server is free and there is a lot of free and/or open source solutions: qemu, xen, virtualbox..

regards.

The ubuntu is downloaded and md5sum checked and this image file is burned to cd using ImgBurn. I have the VMware server also ready in the folder.

i need the VM and ubuntu for, say reversing purpose only i.e i donot want to use XP(which is already installed in) for these activities.

So,
Which one do I need to install first ?.
Ubuntu!
Or
VMware server!

Or the order of install doesn’t matter at all!
Regards...

1. Install VM_server on your windows OS.
2. When VM-server is running, choose create new VM: Choose Linux, Ubuntu
3. Start your VM
4. Either place your Ubuntu CD on the CD player, or better, before starting the VM, redirect the VM virtual CD to the Ubuntu .ISO image.

Thank you for your almost immediate response; for your clear-cut clarification.

Regards…