
View Full Version : Malware samples: broken vs tool detection


Theory5
December 25th, 2012, 22:07
How do you figure out the difference between a broken sample or a sample that is advanced enough to detect VMware or malware analysis tools?

I have this 16-bit sample (at least I think it's 16-bit, but PE still says "this program cannot be run in DOS mode". I took it off of a system infected with the FBI moneypak malware; it was the only malicious program I could find.) and since I am new to debugging I haven't exactly cultivated a working knowledge of assembly. But it doesn't run. I've tried to run it in both a VirtualBox guest OS and a native OS (both Win7), but it never appeared to do anything that I could find with Sysinternals.

So how do I determine what this is and if it is an actual working sample or if it is broken? MSE detected it and I "allowed" it, then simply copied the file from the path provided (the drive was wiped afterwards). I assumed it might be obfuscated, but PEiD didn't seem to detect any of the common packing algorithms.

Any help would be great! Also, the sample is available upon request, I just didn't want to toss it up on the thread without someone looking for it.
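A first triage step that the question above calls for, as an added example (my own code, not from this thread or any poster): a small Python script that reads the MZ header and looks for the PE signature to tell a genuine 16-bit DOS executable from a 32/64-bit PE, reports the machine type and bitness from the COFF and optional headers, and computes per-section Shannon entropy as a packing hint that does not depend on PEiD's signature database. Every PE starts with an MZ stub whose only job is to print "this program cannot be run in DOS mode", so that message by itself says nothing about bitness. The sample PE is constructed inline (it is not a runnable program, only a header layout for the parser), and the 7.0 bits/byte entropy threshold in `looks_packed` is an assumed rule of thumb, not a standard.

```python
import math
import random
import struct

# Constants from the PE/COFF specification
IMAGE_DOS_SIGNATURE = 0x5A4D      # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550   # "PE\0\0"
MACHINE_NAMES = {0x014C: "i386 (32-bit)", 0x8664: "x86-64 (64-bit)",
                 0x01C0: "ARM", 0xAA64: "ARM64"}
OPTIONAL_MAGIC_BITS = {0x10B: 32, 0x20B: 64}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant buffer, 8.0 for uniform random."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return 0.0 - sum(c / n * math.log2(c / n) for c in counts if c)


def triage_pe(data: bytes) -> dict:
    """Classify a file as unknown / bare MZ (DOS) / PE and describe its sections."""
    info = {"format": "unknown", "machine": None, "bits": None, "sections": []}
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        return info
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # A PE signature at e_lfanew is what separates a real 16-bit DOS program
    # from a modern PE; the MZ stub and its DOS-mode message are present in both.
    if e_lfanew + 4 > len(data) or struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        info["format"] = "MZ (16-bit DOS executable, no PE header)"
        return info
    coff = e_lfanew + 4
    if coff + 20 + 2 > len(data):
        return info  # claims MZ+PE but the headers are truncated
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]  # PE32 vs PE32+
    info.update(format="PE", machine=MACHINE_NAMES.get(machine, hex(machine)),
                bits=OPTIONAL_MAGIC_BITS.get(magic))
    sec = opt + opt_size
    for i in range(nsections):
        off = sec + i * 40  # IMAGE_SECTION_HEADER is 40 bytes
        if off + 40 > len(data):
            break
        name, _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, off)
        body = data[raw_ptr:raw_ptr + raw_size]
        info["sections"].append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "raw_size": raw_size,
            "entropy": round(shannon_entropy(body), 2),
        })
    return info


def looks_packed(info: dict, threshold: float = 7.0) -> bool:
    """Heuristic: a non-empty section near 8 bits/byte hints at packing or encryption.
    The 7.0 threshold is an assumed rule of thumb, not part of any specification."""
    return any(s["raw_size"] > 0 and s["entropy"] >= threshold for s in info["sections"])


def build_sample_pe(sections: list) -> bytes:
    """Construct a minimal 32-bit PE image (headers plus raw sections) for testing.
    It is not a runnable program; it only exercises the parser."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0  # size of a PE32 optional header
    coff_header = struct.pack("<HHIIIHH", 0x014C, len(sections), 0, 0, 0, opt_size, 0x0102)
    optional_header = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    raw_ptr = e_lfanew + 4 + 20 + opt_size + 40 * len(sections)
    section_headers, bodies = b"", b""
    for name, body in sections:
        section_headers += struct.pack("<8sIIII", name, len(body), 0, len(body), raw_ptr)
        section_headers += b"\0" * 16  # relocations, line numbers, characteristics: unused
        raw_ptr += len(body)
        bodies += body
    return dos_header + b"PE\0\0" + coff_header + optional_header + section_headers + bodies


def demo_report() -> dict:
    """Triage a constructed sample: one plain section plus one random-looking one."""
    rng = random.Random(2012)  # deterministic "encrypted-looking" payload
    noisy = bytes(rng.getrandbits(8) for _ in range(4096))
    sample = build_sample_pe([(b".text", b"\x90" * 512), (b"UPX1", noisy)])
    return triage_pe(sample)


if __name__ == "__main__":
    report = demo_report()
    print(report["format"], report["machine"], report["bits"])
    for s in report["sections"]:
        print(f"  {s['name']:<8} size={s['raw_size']:<6} entropy={s['entropy']}")
    print("packed-looking:", looks_packed(report))
```

Run it against the sample on disk by replacing `demo_report()` with `triage_pe(open(path, "rb").read())`. A "PE / i386 / 32" result rules out the 16-bit theory; a high-entropy section with a non-standard name is a reason to suspect a packer that PEiD has no signature for, while a sane layout with low entropy points more toward a sample that is missing a component, a command line, or a dropper rather than one that is hiding from the tools.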

Kayaker
December 25th, 2012, 22:56
Hi, welcome to the board. You're welcome to attach the file if you wish and I'm sure someone will take a look at it. Just zip and password protect the attachment (i.e. password "malware" or something).