Trojan horse...a Hellenes poetic fancy !!
jackall
July 7th, 2008, 02:43
What is generic table API?
Where can I download GenericTable.exe from?
While reading the book by Eldad Eilam, I needed to download the code for the book, and I see this instruction at the publisher's site:
" PLEASE READ BEFORE DOWNLOADING THIS FILE
Backdoor.Hacarmy.D: This is a Trojan/backdoor type malware program that was distributed in 2004. It is non-contagious, but it connects to a central server through which an attacker could theoretically connect to the infected system and control or damage it. The central servers have been taken down long ago, so in its current state the program should be nonetheless harmless. It is not advisable to install the program on a system unless that system was specifically installed for testing purposes and is detached from the network. "
Can I ignore the caution and download the file?
Thank you…
dELTA
July 7th, 2008, 07:49
Always use virtual machines (containing no important, sensitive or valuable data) for malware analysis, and wipe them immediately after the analysis (e.g. with virtual disk snapshots).
Quote:
Always use virtual machines for malware analysis, and wipe them immediately after the analysis. |
Could you please explain in a few words what a virtual machine is, and how/where to get one..
Hope I'm not asking too much.
--Ego
dELTA
July 7th, 2008, 08:08
Research the following tools, and you will know:
http://www.woodmann.com/collaborative/tools/Category:Virtual_Machines
naides
July 7th, 2008, 08:15
@jackall: Question 3 about the Eldad book: In his materials he included some malware as an example. It WILL be detected and zapped by any antivirus you have active. On the other hand, the files are clearly marked. You will not get infected without your knowledge, so go ahead and d/l the files. Follow dELTA's advice and do all your stuff inside a VM, which you can isolate from the network, run without antivirus, and wipe clean when you are done.
Regarding Questions 1 and 2. . . Not clear at all. Could you provide more context??
jackall
July 7th, 2008, 09:37
naides …
You seem to have the right response geared up for every topic placed here.
I followed your earlier advice and moved to bcc32 with Borland C++. Initially I disliked it, especially the command line part of it. I am getting used to it; I am beginning to see the sense of your persuasion.
(C + bcc32 + -v) is a real visual delight of decompilation.
Back to the present, your clarification is very practical on the subject of the 'malware' I needed to download.
In the meantime, dELTA has thrown in another tool; Virtual machine ....
Need to learn how to use this weapon...
Regards…
Regarding Ego's reply, I collected the following information from the net.
Virtual Machine is an: "isolated duplicate of a real machine".
Virtual machines are of two categories.
(A) A system virtual machine provides a complete system platform which supports the execution of a complete operating system.
(B) A process virtual machine is designed to run a single program, which means that it supports a single process.
An essential characteristic of a virtual machine is that the software running inside is limited to the resources and abstractions provided by the virtual machine.
I have no idea how to use a VM or what a VM is used for – maybe someone could give additional information on this point.
-hope this helps--
Quote:
[Originally Posted by jackall;75687]What is generic table API?
Where can i download GenericTable.exe from? |
I have got GenericTable.exe downloaded and I am attaching a copy.
I haven't opened it on my system. In case you open it without using a VM, let me also know the result.
I have moved this Thread to this Forum because of the subject matter. We do not want a Newbie thoughtlessly downloading a Trojan Horse, even a wooden one, without understanding what they may actually be doing.
Regards,
Quote:
[Originally Posted by dELTA;75691]Always use virtual machines (containing no important, sensitive or valuable data) for malware analysis, and wipe them immediately after the analysis (e.g. with virtual disk snapshots). |
A few hours ago I didn't know what a Virtual Machine was. Now I am curious to know about it.
To get an idea about it, I suppose I need to download a process virtual machine.
I followed the link you provided earlier but I couldn't get a definite idea.
Please make a specific suggestion: the name of a Process Virtual Machine?
Thank you.
UPS! Now you get to hear from me, because you seem to think that "someone else" should do your basic research for YOU!
What the heck is wrong with YOUR favorite search engine? And it would be more productive if you pay attention to "small details." There is such a thing as a "Process Virtual Machine" which YOU can read up on, yourself, by putting that term in YOUR favorite search engine and YOU reading some of what YOU find.
However, dELTA suggested a "'virtual machine' (containing no important, sensitive or valuable data) for malware analysis, and wipe them immediately after the analysis (e.g. with virtual disk snapshots)", which is something "different" from a "process virtual machine." And YES, YOU can also put that term into YOUR favorite search engine and YOU read up on what you discover. And when YOU understand the similarities and the differences, YOU can go about "searching" for one you might be able to purchase or even download.
That's WHY the internet and internet search engines were invented. So YOU could find information YOU want/need and maybe even find the "tools" that you want/need.
Now how about YOU begin doing the work you should have originally done.
Learning is a "process" and it is not aided by "instant gratification" preceded by zero effort.
Regards,
JMI-
I have been reading your 'replies' for quite some time in the past, and those verbalizations, I often felt, concealed a prejudiced tendency probably generated out of certain inadequacies. I have taken the time to reply to the suggestion articulated in your last post, so that what I put across here may impart a salubrious effect on your future offerings. My intention is not to make anyone feel unnecessarily uncomfortable and pained (if sensitive).
One sends children to school and later on to college to learn. Questions are asked and answered or at least ignored for being irrelevant or for being beyond comprehension at that stage. One is not advised to sit back home and Google it.
Have you heard of Google? That is what search engines are for?
That's WHY the internet and internet search engines were invented.
Learning is a "process" and it is not aided by "instant gratification" preceded by zero effort.
This breed of comments is degenerating into sickening, nauseating cliché.
I dislike such an atmosphere –
It seems that you are capable of moving data around. My last request to you through this forum is to remove my name and connected data from your database. You won't be hearing from me again…
Cheer up-
Actually, ego, I am already quite "cheery" and your revealing choice of username tends to confirm your attitude about the process of learning, rather than my own.
As with any "society," this one has a set of constructs, which may be loosely referred to as "Rules of Conduct," which we generally expect newly joining members to both read and observe in certain, rather basic ways, clearly spelled out in our frequently referenced "FAQ." I did not make these "Rules of Conduct" and do not have my personal ego attached to them, but I do attempt to "teach" what is expected of those who attempt to seek "knowledge" which may be available on these Forums. You are the one who made a "choice" to ignore clearly spelled out and fairly simple to follow "Rules of Conduct" for "this particular society". This speaks more clearly about your attitude than my own.
Speaking as a parent of grown and educated children, we actually send our children to school, and perhaps to college, and sometimes beyond, hoping to expose them to the "process of learning." What we hope for is that "they" acquire the skill set necessary to succeed at "the process of learning", so that it may become a lifelong journey of developing new and different interests which they may then pursue as their curiosity is aroused by new subject matter and interests.
Since learning is, indeed, a "process," simply giving an answer to a question is often not the "better" course of response, and is certainly not the "best" response to a question which demonstrates lack of personal effort at discovering an answer which would be readily discoverable with the application of a minimum of personal effort.
It is somewhat similar to the old adage: “Give a man a fish; you have fed him for today. Teach a man to fish; and you have fed him for a lifetime." You apparently only wanted "food for your brain" for "right now" and I was attempting to teach you how to find "food for your brain" whenever you felt you needed some.
There is a famous play on words, widely attributed to Dorothy Parker, that "You can lead a whore to culture, but you can't make her think!" I was attempting to lead you to "the path through the dark codewoods" where you would be able to find, or at the least, attempt to find, for and by yourself, answers to questions which "you" formulated and could have discovered, yourself, with just some minimal personal effort.
I told you to make such a personal effort both because it is "required" by those "Rules of Conduct" for these Forums and because it is, actually, the best way for you to learn what you sought. I attempted to assist you on that "path" by correcting an error of comprehension or interpretation which you had apparently made about the subject matter and tried to give you search criteria you could have utilized to find what you sought.
Regards,
I was only trying to help when I uploaded that file. It is as harmless as any other file.
It is unfortunate that it caused such a disorder, resulting in the shifting of the topic to another section.
I did not change the file extension. I did not protect the file with a password. So, my post and the attachment could easily have been deleted.
This Thread was moved here because the Thread starter began the discussion about a Trojan Horse, of the software variety, and inquired about downloading. I moved it to this Forum for that reason, and not specifically having anything to do with your attachment.

Since he had mentioned the name of the Trojan, I wanted to be cautious about "newbies" searching for that particular file and downloading it without sufficient precautions.
There was no intent in any of my comments here to address criticism to your attachment.
Regards,
jackall
July 9th, 2008, 23:11
Will this blame game ever end..?
Is there no saner voice around..?
JMI
July 10th, 2008, 00:14
What would you prefer? Existentialism?
Since your original question seems to have been answered by naides and dELTA, following which you went off to study virtual machines, what more do you seek or have to contribute? We await enlightenment!
Regards,
Aimless
July 10th, 2008, 03:01
Ummm.... Ego, all you have to do is type "Virtual Machine" into Google and you'll get the results.
There are commercial virtual machines and open source ones.
If your purpose is to test trojans, you can find commercial virtual machines and their keygens flooding the web. If your purpose is to study the virtual machine itself, you can download the source for the open source virtual machines and study them.
There are also virtual machines that will load entire OSes and others that will load just processes virtually.
You decide what's best for you.
And jackall, if someone can't type in two words in Google and search, and THEN if JMI has chided them, what's the problem?
However, I hope all's well that ends well and you guys keep coming to this board. Shucks! It's not a bad place at all... I've been here for more than 6 years now...
Have Phun
jackall
July 10th, 2008, 03:56
Existentialism.
I am not sure if it is a self-reference or if you are addressing me as an existentialist.
Anyway...
Most of the people who make use of this word would be rather confused if asked to explain its meaning. It has become a style (decades old) for people to declare that 'He is / I am an existentialist'.
The word is now so loosely used to mean so many things that it no longer means anything at all.
In spite of that...
If you still seem to be interested and if you need further "enlightenment" in this area, which normally is a prerogative of the intelligentsia, you may start with Franz Kafka's "Metamorphosis".
I started reading it two years back and have not completed it yet.
Avoid treading over Existential Nihilism
Best wishes...
blabberer
July 10th, 2008, 05:18
wow, so many exotic words; never knew these words could actually be used
regarding sending children to school to LEARN: yes, children are sent to school and during their infant years they are made to memorize the alphabet; whole kindergarten years are spent just to make 26 letters and 10 numerals imbibed forever in their memory, if one chooses to send his/her child to an English-medium Montessori
and the child never asks // is encouraged to ask // either by their teachers // and or by their parents /// or by their classmates // buddies // WHY SHOULD I MEMORIZE // SING // KEEP ON ROTING // WRITE IMPOSITIONS // this shit, 36 letters
the child is never let to ask why can't the teacher tell me what A or B or C or 1 or 2 "IS" every time I need an alphanum
and a situation may arise in his/her lifetime where there might not be a teacher present
I simply didn't know what either salubrious or Existential really meant and I was searching Google for an answer
and I don't consider myself deficient in English though I'm not a native speaker of the Queen's language
one may ask, is googling possible every time?
but since one is posting to a forum it is assumed that he/she is connected to the internet
and googling or yahooing or searching in general should be the first line of choice before posting a question
and that is what JMI was / is / will be telling/posting as a reply if the question in question doesn't look like a properly researched question
EGO, to be frank I just googled your exact question
Code:
Results for how / where to get virtual machine (without quotes):
Microsoft Virtual PC 2004This document presents a technical overview of Virtual PC and how it can benefit your company. Get the XPS viewer (What is XPS?) ...
www.microsoft.com/windows/products/winfamily/virtualpc/default.mspx - 79k - Cached - Similar pages
Download details: Virtual PC 2007Download the full version of Microsoft Virtual PC 2007.
www.microsoft.com/downloadS/details.aspx?FamilyID=04d26402-3199-48a3-afa2-2dc0b40a73b6&displaylang=en - 32k - Cached - Similar pages
More results from www.microsoft.com »
and following the first link you get to see Microsoft's VPC and a FREE download to start with
if you are going to say the manufacturer's description / FAQs / linked blogs / white papers are insufficient even to start with
then even God, if he existed, can't answer your question and probably would be redirecting you to Google heaven
so there is nothing wrong or any inadequate nauseating clichés quoted over and over by anybody over here
one is simply asked to do their own basic research and then ask a question where even we can't find the answer in Google's first page of listings
do you really think everyone who answers here knows the stuff by heart?
NO, 95% of the time we google and quote Google's answers as ours, and we hate doing that
we enjoy only the 5% remaining questions that are real
we learn and the poster learns in the process, and someone who is subsequently searching learns too
jackall
July 10th, 2008, 06:25
blabberer –
You need not know the meaning of the words salubrious nature; you were probably born with that quality, or it was instilled by your parents and conditioned by the environment you grew up in.
Let me cite a relevant outcome:
In response to one of my earlier requests, you started with the following line: "reference to bcc and OllyDbg that's my playground" and subsequently you added more than 90 lines of instructions to it and ended with a screenshot of OD.
Why did you do that?
You taught me the use of MB_TOPMOST ?
Again the use of (-v ) with bcc32 ?
Why?
Are you still curious to know the meaning of salubrious nature?
Earlier a paraphrase of a phrase was used here: "You can lead a whore to culture, but you can't make her think!"
How true it is.
Regards...
blabberer
July 10th, 2008, 06:58
no, I am not conducive enough
anyway Google told me what it could mean and what else it could imply
Quote:
We just had a scrap at work.... A colleague asked what salubrious means and I explained it. He then wanted to know why everyone uses the word in the context of a "salubrious establishment," normally meaning a pub or bar.... At least seven other colleagues joined in the discussion with one of them explaining, very confidently, that it really means a place with nice decor, comfortable, not down-market....We raced to do an Internet search and he crowed at the many, many examples of salubrious--which he spelled as "celubrious"--used in the "nice decor" context. Do you have any idea where "celubrious" came from and why so many use what I think is a made-up word in such a consistent fashion?
After picking myself up off the floor (having fallen down laughing), I checked out the "celubrious" spelling on the Google Web search engine. The first thing I saw was their very smart question: "Did you mean salubrious?" I think you're getting a lot of hits for this spelling simply because of the nature of the Internet: misquotes, misspellings, misprisions, and every other sort of misinformation can spread at an astounding rate. And GIGO (garbage in, garbage out) applies: if you go looking up the wrong spelling, you're bound to find it. That doesn't make it correct: it just means a bunch of other people didn't bother to look it up in a reputable dictionary either.
This spelling looks to me like a case of someone never having seen the word in print, and guessing that it had something to do with celebratory, as this randomly picked sample from the Web shows: "I trust you have recovered from any celubrious activities during the festive period." Indeed, what the Web citations of this spelling show is that Internet use tends to give a false legitimacy to mondegreens.
The only real spelling of the word that is pronounced (suh-LOO-bree-us) is salubrious. Its nearest synonyms are "healthful" and "wholesome," and its spelling and meaning have changed little since English borrowed the Latin adjective salubris in the mid-16th century. It is used to describe a place, environment, or activity that promotes good health. So a spa is a salubrious place; hiking is a salubrious activity; certain vitamins are recommended for their salubrious effects.
The source of the confusion, I suspect, is in the use of insalubrious to warn people off dangerous, unsanitary places. Pubs, taverns, theaters, and dance halls, as well as red-light districts and ghettoes, were historically proscribed as insalubrious by those whose economic privilege allowed them to avoid such places. At the core of this disdain is the fear of disease--a quite legitimate fear in the days before proper sanitation and antibiotics, and the reason we still have health inspectors today.
As overall health conditions improved in English-speaking countries, insalubrious lost some of its association with health, and is now often used to mean something closer to unsavory, which can simply mean 'not very pleasant'. And its opposite, salubrious, began to be used to describe, indeed to advertise, a place that was surprisingly well-lit and clean given what went on there (drinking, eating, performing, and other public activities that were highly suspect at the time). A vestige of this use is detectable in your colleague's description "not down-market."
That being said, if you do your Internet search on the correct spelling, you'll find that the usage hews much more closely to the still-current and central meaning of 'health-promoting'. When you choose to use salubrious to compliment an establishment such as a hotel or restaurant that is not connected with a spa, you are saying, at minimum, that it is clean and safe to stay or eat there--but you are really implying that you're surprised by the fact. In other words, the restroom floor wasn't sticky, and there was nothing with six legs moving in your lasagna--not that it had 400-thread-count linens and a tastefully mood-lit ambience. But better still to save such an apt adjective to describe that trip to the hot springs in Iceland that perked you up in February. Using salubrious to mean 'recommendable because of its décor' is a real stretch; I'd be sad to see it become the prevalent meaning, because it waters down what is truly a useful word.
Wendalyn
|
JMI
July 10th, 2008, 07:30
Actually jackall, I'm substantially older than most of the members here.
I actually read some of the works by Nietzsche, Camus, Kierkegaard, and Kafka back during my university days in the mid to late 1960's.
I even acted a part in one of Kafka's plays for an acting class, but my major was history, not philosophy.
And since a "salubrious" nature refers to being "favorable to, or promoting health", perhaps you are confusing it with having a helpful nature. Health is generally not "instilled by one's parents," other than by their gene pool contributions or the environment in which they may have raised you.
Regards,
jackall
July 10th, 2008, 09:05
.... help cannot be instilled but helpful nature could be ....
jackall
July 11th, 2008, 06:37
Quote:
[Originally Posted by naides;75699].... and do all your stuff inside a VM, which you can isolate from the network, run without antivirus, and wipe clean when you are done. |
I have the VMware-Server installer 1.0.5 downloaded but not installed yet. Can you add a few more words to clarify the meaning of "isolate from net" and "wipe clean when you are done"?
Regards...
Silkut
July 11th, 2008, 06:51
In fact using virtualization products (especially VMware, which is my favourite) is quite intuitive: You can bridge virtual interfaces to your real interface so you can access the net from your virtualized OS; you can create virtual networks to connect your VMs together.. As previously said, it is not recommended to analyze dangerous programs while sharing a connection with your host system or while connected to the net. You can also isolate the virtual machine from its host (the real OS) by deactivating shared folders etc.. there's an entire menu for that kind of setting.
I guess "to wipe clean" means using the snapshot system: When you do a proper install of your virtual operating system and all the tools you need, you then take a snapshot of this environment (quite similar to ghosting a disk or a system restore point if you're used to Windows management). You do your nasty stuff on your nasty programs, and when you're finished you can "revert" the virtual machine to its previous state: fresh and clean. You can take several snapshots corresponding to different states (clean, compromised, different configs..).
EDIT: If your wonders are only VMware-related I strongly suggest you read the documentation and browse the community forums. A good source of knowledge.
naides
July 11th, 2008, 07:47
I have not played with VMware-Server, I do my stuff in VMware-Workstation but I would assume they are close enough.
This is what I mean one step at a time.
-Create a New Virtual Machine.
-Install your Windows OS, using your original CD or DVD, or better an ISO image (It is much faster reading from a hard drive than from a CD player)
-Install inside the VM your analysis tools, a skeleton collection of utilities.
-Save a copy of your VM: even if you fuck-up beyond recognition, you always have a backup to start again.
-Now -use- your work version (Don't touch the backup version; you can always make new copies, which is nothing more than copying a folder on your computer).
-Setup a snapshot of your working VM
-Install your malware, time protected software, unknown stuff.
-If you want to prevent your VM from accessing the net, turn off the virtual network card.
-If you want to isolate your VM from your real machine completely, turn off the folder sharing and do not copy anything from the VM into the real machine.
Now you can experiment: Make snapshots often. If something goes wrong, you can step back 1 or 2 times by deleting the current VM snapshot, activating a previous snapshot, and then correcting your mistakes.
-Go Crazy: You can use VMs for a lot of things besides RCE. You can have a virtual machine with all your p0rn inside it, you can make a copy of your real machine at work and install it on a VM, you can simultaneously run Windows XP, Windows VISTA, Windows 98, Linux in all its flavors, and switch back and forth at the click of a mouse. You can make movies in the visual as well as the programmatic sense and then replay them. Your HD capacity is the limit. VMs perform decently with some 10-25% overhead in system resources. However, resource-expensive parts of your hardware such as high end 3D video cards and 7.1 digital sound are not emulated, so you will have to do your heavy gaming/multimedia on your real machine (at least for now).
Questions?
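The "isolate from the net" and "turn off folder sharing" steps above (and Silkut's note about deactivating shared folders) can be checked against the VM's own configuration file, since VMware stores these settings as plain key = "value" lines in the .vmx. The script below is an added example, not code from this thread or from VMware; it assumes the .vmx key names as documented in VMware's configuration guidance (ethernet0.present, ethernet0.connectionType, sharedFolder0.present and the isolation.tools.*.disable keys), which you should verify against the version you run, and both sample configurations it parses are constructed here.

```python
"""Check a VMware .vmx file for the isolation settings described in the thread.

Added example, not code from the thread or from VMware. The .vmx keys are the
ones documented in VMware's configuration guidance (assumption: verify them
against your version). Both sample configurations below are constructed.
"""
from __future__ import annotations
import re

# Constructed sample: a lab VM that still has a bridged NIC and shared folders on.
LEAKY_VMX = """\
.encoding = "UTF-8"
config.version = "8"
displayName = "malware-lab"
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
sharedFolder0.present = "TRUE"
sharedFolder0.hostPath = "C:/Users/analyst/drop"
isolation.tools.hgfs.disable = "FALSE"
"""

# Constructed sample: the same VM after applying the advice in the thread.
ISOLATED_VMX = """\
.encoding = "UTF-8"
displayName = "malware-lab"
ethernet0.present = "FALSE"
isolation.tools.hgfs.disable = "TRUE"
isolation.tools.copy.disable = "TRUE"
isolation.tools.paste.disable = "TRUE"
isolation.tools.dnd.disable = "TRUE"
"""

# key = "value"; comment lines start with '#' and do not match.
_LINE = re.compile(r'^\s*([^=#\s]+)\s*=\s*"?(.*?)"?\s*$')


def parse_vmx(text: str) -> dict[str, str]:
    """Parse key = "value" lines into a dict; keys are lower-cased because VMX keys are case-insensitive."""
    cfg: dict[str, str] = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg


def _is_true(cfg: dict[str, str], key: str) -> bool:
    # A missing isolation.* key means the channel is NOT disabled.
    return cfg.get(key.lower(), "FALSE").upper() == "TRUE"


def isolation_findings(cfg: dict[str, str]) -> list[str]:
    """Return one finding per setting that contradicts the checklist; [] means the VM passes."""
    findings: list[str] = []
    # 1. Network: any enabled virtual NIC is a path off the VM. Even "hostonly"
    #    still reaches the host's vmnet adapter, so the checklist wants it absent.
    for key, val in cfg.items():
        m = re.fullmatch(r"ethernet(\d+)\.present", key)
        if m and val.upper() == "TRUE":
            n = m.group(1)
            mode = cfg.get(f"ethernet{n}.connectiontype", "unspecified")
            findings.append(f"ethernet{n} is enabled ({mode}); turn off the virtual network card")
    # 2. Shared folders: both the per-folder entries and the HGFS/clipboard/drag-drop
    #    tools channels let data cross between guest and host.
    for key, val in cfg.items():
        if re.fullmatch(r"sharedfolder\d+\.present", key) and val.upper() == "TRUE":
            findings.append(f"{key} is enabled; disable folder sharing")
    for k in ("isolation.tools.hgfs.disable", "isolation.tools.copy.disable",
              "isolation.tools.paste.disable", "isolation.tools.dnd.disable"):
        if not _is_true(cfg, k):
            findings.append(f'{k} is not "TRUE"; the guest can move data to the host over this channel')
    return findings


def check_vmx_text(text: str) -> list[str]:
    """Convenience wrapper: parse then evaluate."""
    return isolation_findings(parse_vmx(text))


if __name__ == "__main__":
    for name, text in (("leaky", LEAKY_VMX), ("isolated", ISOLATED_VMX)):
        found = check_vmx_text(text)
        print(f"{name}: {'OK' if not found else str(len(found)) + ' finding(s)'}")
        for line in found:
            print("  -", line)
```

To use it on a real VM, read your own .vmx file into a string and pass it to check_vmx_text with the VM powered off. The "wipe clean" part of the advice (snapshot, then revert) is a runtime action that this static check cannot confirm; it only tells you whether the configuration the VM will boot with still has a network card or a host channel enabled.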
jackall
July 11th, 2008, 08:06
Silkut ..Thanks.
I neither have much of an idea of, nor do I have the kind of skill needed to analyze, malware.
I would go through your post a couple more times; maybe I would gain a little more understanding. Perhaps it would make it a bit easier for me to understand the use of, or how to use, a VM.
Regards..
jackall
July 11th, 2008, 08:32
naides ..
You have provided tons and tons of information on VMs.
I was feeling a bit unfocused and a little gloomy, and your "You can have a virtual machine with all your p0rn inside it" was exactly the kind of assurance I needed at this moment.
And this makes me smile. You are a mind reader!
Thank you….
ant
July 12th, 2008, 03:24
I was following this thread from the beginning, reading all posts and trying to understand the information made available here. So my entry to this specialized zone (Malware analysis & unpacking) is not intentional; my stay here is temporary; I will be back to where I belong: newbie territory.
The discussion was, I thought, about virtual machines. Then I find the term VMware-Server used. My impression of a server, say a Google server, is a large machine with many hard disks storing data for hundreds of web sites, and it sends a copy of this data to anyone who requests it. How is the term "Server" used here if no such functionality exists?
Silkut says
Code:
You can bridge virtual interfaces to your real interface so you can access
the net from your virtualized OS.
Let me see if I follow it - A real interface, say for example my keypad, which is real, can be 'connected' to a virtual keypad (one that exists in essence but not in form). Similarly I can create a hard disk and RAM and install XP on that hard disk, all virtual; none has existence in form but does all the functions of a real one. Can I say it is something like making the image in a mirror do the work for you?
naides has given a number of ways a VM can be used; especially the simultaneous running of XP and Linux appeals to me most.
I am a little out of my depth here; if this trespass annoys anyone, I may be excused.
Thank you-
Silkut
July 12th, 2008, 05:38
Hello,
You can use the term "server" to mean something other than server hardware/machine (server technologies, for example, are very specific to this side of computing). The term VMware "Server" is firstly a commercial term. But there are some differences between the "Workstation" and the "Server" product (ie server processors, a large amount of RAM, specific technologies like RAID etc...): you can also run several VMs at the same time, and you can -under VMware Server- remotely manage those VMs (and by remote I do not mean like an ssh/telnet/vpn tunnel through a network).
You can learn more about those differences here:
http://en.wikipedia.org/wiki/VMware and on the official website.
What you quoted from me is a tip for a very specific situation (the second one in the examples below):
1/ Imagine you have two virtual machines that you want to talk to each other; it would look something like this.
Code:
REAL BOX(VM WinXP----*ping*-----VM Ubuntu)
2/ Now imagine you would like to make one of those VMs talk to the Net through the real box (the host); it will look something like this.
Code:
Intertube----REAL BOX(----*ping*----VM WinXP----*ping*----VM Ubuntu)
The connection to the Internet through the host and the WinXP is possible by bridging the common interfaces between the host and the WinXP.
Quote:
A real interface say for example My keypad which is real can be ‘connected ‘ to a virtual keypad ( one that exist in essence but not in form ) . Similarly I can create hard disk; RAM and install Xp in that hard disk all virtual none has existence in form and but does all functions of a real one. |
When I use the word "interface" here, I mean network interface. You already have the example of a virtual keyboard: you have the real one on your desk, and you have a "software" one in Windows if you are somehow disabled. Virtual machines work like that: you have your real box with your real proc, RAM, disk etc.. and you have the virtualized one inside the real one, software using the hardware to make an OS run inside a window, like an emulator.
If you're interested in them, google for some tuts; VMware Server is free and there are a lot of free and/or open source solutions: qemu, xen, virtualbox..
regards.
jackall
July 15th, 2008, 08:07
The Ubuntu ISO is downloaded and md5sum checked, and this image file is burned to CD using ImgBurn. I have the VMware Server also ready in the folder.
I need the VM and Ubuntu for, say, reversing purposes only, i.e. I do not want to use XP (which is already installed) for these activities.
So,
Which one do I need to install first ?.
Ubuntu!
Or
VMware server!
Or the order of install doesn't matter at all!
Regards...
naides
July 15th, 2008, 08:55
1. Install VM_server on your windows OS.
2. When VM-server is running, choose create new VM: Choose Linux, Ubuntu
3. Start your VM
4. Either place your Ubuntu CD in the CD player, or better, before starting the VM, redirect the VM's virtual CD to the Ubuntu .ISO image.
jackall
July 15th, 2008, 11:29
Thank you for your almost immediate response; for your clear-cut clarification.
Regards…