
Rogue dll


mint77
August 22nd, 2013, 07:10
I have stored safely away a "rogue dll."

It was caught because it masqueraded as a system dll, had a recent file date, and had no version info.

Virusinfo misidentified it.

It's been renamed, and the file extension has been changed as well.

I would like to study it safely with something similar to a debugger or maybe a passive type of analyzer.

I also use Linux, but could not find anything that can debug Windows PEs.

I would appreciate any recommendations.

Thanks.
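Before loading a sample like this into a debugger, the usual first step is a static look at the PE headers: the three tells in the post above (claims to be a system dll, fresh build, no version info) are all visible without executing anything. The script below is an added example, not code from the thread or from any of the tools it mentions. It parses the headers in pure Python (no pefile dependency) and flags a missing resource directory (where VERSIONINFO lives), a missing export table, and a compile timestamp close to the check date. The two "images" it inspects are constructed header-only PE32 blobs built by `build_pe`, not real binaries, and the 30-day window and the check date are assumptions chosen for the illustration.

```python
"""Static triage of a suspect DLL from its PE headers (pure Python, stdlib only).

Added example for this thread; the sample images are constructed fixtures,
not real malware, and the thresholds are illustrative assumptions.
"""
import struct
import datetime

IMAGE_FILE_DLL = 0x2000                                      # IMAGE_FILE_HEADER.Characteristics bit
DIR_EXPORT, DIR_IMPORT, DIR_RESOURCE, DIR_DEBUG = 0, 1, 2, 6  # data directory indices
UTC = datetime.timezone.utc


def parse_pe(data):
    """Return the header facts a first triage pass cares about."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, _nsec, stamp, _, _, _opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                       # PE32
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:                     # PE32+
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    dirs = [struct.unpack_from("<II", data, dirs_off + 8 * i) for i in range(ndirs)]

    def present(idx):                        # directory exists and has non-zero size
        return idx < len(dirs) and dirs[idx][1] != 0

    return {
        "machine": machine,
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "compiled": datetime.datetime.fromtimestamp(stamp, UTC),
        "has_exports": present(DIR_EXPORT),
        "has_imports": present(DIR_IMPORT),
        "has_resources": present(DIR_RESOURCE),   # VERSIONINFO is a resource
        "has_debug": present(DIR_DEBUG),
    }


def triage(data, check_date, fresh_days=30):
    """List red flags for a file that claims to be a system DLL."""
    info = parse_pe(data)
    flags = []
    if not info["is_dll"]:
        flags.append("Characteristics lacks IMAGE_FILE_DLL")
    if not info["has_resources"]:
        flags.append("no resource directory, so no VERSIONINFO")
    if not info["has_exports"]:
        flags.append("no export table (real system DLLs export functions)")
    if check_date - info["compiled"] < datetime.timedelta(days=fresh_days):
        flags.append("compiled %s, within %d days of the check"
                     % (info["compiled"].date(), fresh_days))
    return flags


def build_pe(stamp, characteristics, dirs):
    """Construct a minimal header-only PE32 image (test fixture, not a loadable binary)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, stamp, 0, 0, 224, characteristics)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                      # NumberOfRvaAndSizes
    for idx, (rva, size) in dirs.items():
        struct.pack_into("<II", opt, 96 + 8 * idx, rva, size)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


# Constructed samples. 0x2102 = EXECUTABLE_IMAGE | 32BIT_MACHINE | DLL.
CHECK_DATE = datetime.datetime(2013, 8, 22, tzinfo=UTC)      # assumed date of the check
SUSPECT = build_pe(int(datetime.datetime(2013, 8, 20, tzinfo=UTC).timestamp()), 0x2102,
                   {DIR_IMPORT: (0x2000, 0x28)})             # imports only, nothing else
LEGIT = build_pe(int(datetime.datetime(2008, 4, 14, tzinfo=UTC).timestamp()), 0x2102,
                 {DIR_EXPORT: (0x1000, 0x200), DIR_IMPORT: (0x2000, 0x28),
                  DIR_RESOURCE: (0x3000, 0x400), DIR_DEBUG: (0x4000, 0x1C)})

if __name__ == "__main__":
    for name, blob in (("suspect", SUSPECT), ("legit", LEGIT)):
        print(name, triage(blob, CHECK_DATE) or ["no flags"])
```

Run it against a real file with `triage(open(path, "rb").read(), datetime.datetime.now(UTC))`; the headers are read without mapping or executing the image, so this is safe on the analysis box before the sample ever goes near the XP VM. A missing resource directory is a strong hint for a file that sits beside real system DLLs, but an empty flag list is not a clean bill of health: a packed or trojanised DLL can carry a copied VERSIONINFO block and a forged export table, which is why the dynamic analysis discussed in the rest of the thread still matters.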

Kayaker
August 22nd, 2013, 23:06
IDA x86 Emulator plugin maybe? That would at least feed it system values which might make it behave normally for a time.

http://www.idabook.com/x86emu/

mint77
August 23rd, 2013, 00:05
Thanks, I will check it out.

I have set up a Virtual Box with XP as the O.S.

I found some excellent info on malware forensic analysis at

xxxx-http://fumalwareanalysis.blogspot.com/2011/08/malware-analysis-tutorial-reverse.html

I have set up a guest account to study the "rogue item" using Windows Debugger and some other tools.

Back to bug hunting and dissection,
Andy