Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   Question|IDA PRO (https://forum.exetools.com/showthread.php?t=16475)

Stitch 01-23-2015 21:03

Question|IDA PRO
 
Hello!
I downloaded IDA PRO 6.6, 6.5 and wanted to know how I can check if the file I got is a clean (no virus) version.

Thanks!

Conquest 01-23-2015 22:01

Quote:

Originally Posted by Stitch (Post 96901)
Hello!
I downloaded IDA PRO 6.6, 6.5 and wanted to know how I can check if the file I got is a clean (no virus) version.

Thanks!

IDA is a disassembler, not an antimalware product. Your question itself isn't invalid, but the question is something like this: "how can I make Apollo 11 with a hammer".
Anyway, to be specific to your question - you have to make sure 1. you unpacked the file (if it's packed), 2. you don't run the file by mistake (use a lab environment, that's why). Then figure out what it will do/does (again, running it in a sandboxed environment will yield your result much more easily). These are the basics. But each of the steps involves complexity. You can check different malware analysis sites on the net for examples.

h8er 01-28-2015 05:28

I recommend you to read Practical Malware Analysis; it's a very good introduction to the subject.

sendersu 01-28-2015 05:57

Quote:

Originally Posted by Stitch (Post 96901)
Hello!
I downloaded IDA PRO 6.6, 6.5 and wanted to know how I can check if the file I got is a clean (no virus) version.

Thanks!

Maybe Ilfak puts the MD5 of his genuine installers somewhere? (not sure)...

ontryit 01-28-2015 11:02

Maybe registered users can ask Ilfak about the MD5/SHA1, or check it by themselves, and be kind enough to post the hash value here. So people in this forum can be sure that the setup is original.

(sorry for my terrible English)

Stitch 02-02-2015 03:12

Quote:

Originally Posted by h8er (Post 97009)
I recommend you to read Practical Malware Analysis, it's a very good introduction to the subject

Thank you for the response. Is the assembly subject in the book for beginners, or shouldn't I start from there?
I have no problem starting from there; I just want to read more opinions and thoughts.

Quote:

Originally Posted by Conquest (Post 96906)
IDA is a disassembler, not an antimalware product. Your question itself isn't invalid, but the question is something like this: "how can I make Apollo 11 with a hammer".
Anyway, to be specific to your question - you have to make sure 1. you unpacked the file (if it's packed), 2. you don't run the file by mistake (use a lab environment, that's why). Then figure out what it will do/does (again, running it in a sandboxed environment will yield your result much more easily). These are the basics. But each of the steps involves complexity. You can check different malware analysis sites on the net for examples.

The question is clear, the reader isn't clear. I downloaded Detect It Easy but it doesn't show me anything suspicious. I asked this question because Ollydbg 1.10 gave me an error when opened in OS 8.1.
x64/32_dbg I have no idea about. I just wanted to check IDA, and about running VMware, I will do it later. I thought I could find my answer here.

Sorry if this is spam or unclear; I just cannot find instructions on Google. Thanks all for the responses, and please don't junk.

Conquest 02-02-2015 11:50

Quote:

Originally Posted by Stitch (Post 97138)
Thank you for the response. Is the assembly subject in the book for beginners, or shouldn't I start from there?
I have no problem starting from there; I just want to read more opinions and thoughts.

The question is clear, the reader isn't clear. I downloaded Detect It Easy but it doesn't show me anything suspicious. I asked this question because Ollydbg 1.10 gave me an error when opened in OS 8.1.
x64/32_dbg I have no idea about. I just wanted to check IDA, and about running VMware, I will do it later. I thought I could find my answer here.

Sorry if this is spam or unclear; I just cannot find instructions on Google. Thanks all for the responses, and please don't junk.

Please describe your problem accurately. At this point I am clueless about what you are even talking about. Once again, IDA is for analyzing malware (or any piece of software which IDA's analysis modules can support).
It cannot detect malware.

My closest assumption is that you are asking if the file is packed or not. You can check that by loading it up in any disassembler. There is no standard rule of thumb to do so. But usually packed files have a custom stub for unpacking and the OEP re-routed to this custom stub. Use available 3rd party packer analyzers for now.
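The post above describes spotting a packed file by eye in a disassembler. One measurable triage signal that analysts use alongside that is per-section Shannon entropy: compressed or encrypted section data is close to 8 bits per byte, while ordinary code and data sit well below. The script below is an added example and is not code from this thread, from IDA, or from Detect It Easy. It parses only the PE section table (DOS header, PE signature, COFF header, section headers) and builds a constructed PE-shaped blob in memory for demonstration; the `.text` and `.pack` section names, the 7.0 threshold, and the sample bytes are all assumptions, and the blob is not a runnable program. High entropy is a hint, not a verdict: legitimate resources, embedded certificates and compressed assets score high too, so the result says "look here first", not "this is malicious".

```python
import math
import struct
from collections import Counter


def shannon_entropy(data):
    """Bits of entropy per byte: 0.0 for one repeated value, 8.0 for a uniform spread."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_sections(image):
    """Walk the section table of a PE image held in memory (bytes).

    Returns a list of (name, raw_size, entropy). Minimal parser:
    DOS header -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section headers.
    """
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", image, coff + 2)    # NumberOfSections
    (opt_header_size,) = struct.unpack_from("<H", image, coff + 16)  # SizeOfOptionalHeader
    table = coff + 20 + opt_header_size
    sections = []
    for i in range(num_sections):
        hdr = table + i * 40  # each IMAGE_SECTION_HEADER is 40 bytes
        name = image[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        raw_size, raw_ptr = struct.unpack_from("<II", image, hdr + 16)  # SizeOfRawData, PointerToRawData
        sections.append((name, raw_size, shannon_entropy(image[raw_ptr:raw_ptr + raw_size])))
    return sections


def suspicious_sections(image, threshold=7.0):
    """Names of non-empty sections whose raw bytes look compressed or encrypted (assumed threshold)."""
    return [name for name, size, ent in pe_sections(image) if size and ent >= threshold]


def build_sample_image():
    """Constructed PE-shaped blob for offline demonstration only (not a real executable).

    One plain section (a single repeated byte, entropy 0) and one dense section
    (every byte value exactly once, entropy 8).
    """
    plain = b"\x90" * 256
    dense = bytes(range(256))
    header_len = 64 + 4 + 20 + 2 * 40  # DOS header + signature + COFF header + 2 section headers
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0)  # 2 sections, optional header size 0

    def section(name, raw_ptr, size):
        # name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, then zeroed fields
        return name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", size, 0, size, raw_ptr, 0, 0, 0, 0, 0)

    headers = (dos + b"PE\0\0" + coff
               + section(b".text", header_len, len(plain))
               + section(b".pack", header_len + len(plain), len(dense)))
    assert len(headers) == header_len
    return headers + plain + dense


if __name__ == "__main__":
    sample = build_sample_image()
    for name, size, ent in pe_sections(sample):
        print(f"{name:8s} {size:6d} bytes  entropy {ent:.2f}")
    print("worth a closer look:", suspicious_sections(sample))
```

To run this against a real file, read it with `open(path, "rb").read()` and pass the bytes to `pe_sections`; the parser deliberately ignores the optional header and only trusts `SizeOfOptionalHeader` to find the section table, which is enough for triage and keeps the code short.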

leetone 02-02-2015 14:43

This is just a classic case of a new malware reverser wanting to jump headfirst into reversing with IDA Pro 6.6 instead of taking a step back and READING SOME RECOMMENDED LITERATURE by many many many members of every reversing community ever...:

Reversing: Secrets of Reverse Engineering - by Eldad Eilam

The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler - by Chris Eagle

but for both of these it would help to know how to program first.... I suggest you don't use any of this crap and learn some C++.

tK! 02-15-2015 15:47

I think some of you guys gave the wrong answer to "Stitch".

He downloaded IDA Pro v6.6, 6.5 and he wants to use it! He is asking how to be sure the file he downloaded is clean! I mean IDA itself! No virus or trojan bound to it.

Git 02-15-2015 20:21

tK! - yes, that was my opinion too. I believe some or all of the full installer exe files did have an MD5 given.

Git

Chaoslord 02-17-2015 01:48

Quote:

Originally Posted by Git (Post 97697)
tK! - yes, that was my opinion too. I believe some or all of the full installer exe files did have an MD5 given.

Git

Most of them do.
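The thread settles on the right answer for the original question: compare the installer against the MD5 (or better, SHA-1/SHA-256) the vendor publishes. The script below is an added example, not code from this thread or from Hex-Rays, showing how that comparison is done properly: hash the file once in a streaming pass, compare every published digest, and treat a single mismatch as a failed download. The sample bytes and the "published" digests are constructed for the demonstration (they are the well-known digests of the three bytes `abc`); the temp-file handling and the `.exe` suffix are assumptions. Two caveats that matter in practice: the reference hash has to come from somewhere other than the site that served the download, or it proves nothing, and MD5 is collision-prone, so when a SHA-256 is published, that is the one to rely on.

```python
import hashlib
import hmac
import os
import tempfile


def file_digests(path, algorithms=("md5", "sha256"), chunk_size=1 << 20):
    """Hash a file in one streaming pass and return {algorithm: hex digest}."""
    hashes = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashes.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashes.items()}


def verify_file(path, expected):
    """Compare the file's digests with published ones.

    expected: {algorithm: hex digest as published}. Returns {algorithm: bool}.
    A False anywhere means the download does not match and should be discarded.
    Published hashes are normalised (whitespace, case) before comparison.
    """
    actual = file_digests(path, tuple(expected))
    return {
        name: hmac.compare_digest(actual[name], published.strip().lower())
        for name, published in expected.items()
    }


# Constructed sample: a stand-in for a downloaded installer, plus the digests a
# vendor might publish for it. These are the standard digests of b"abc".
SAMPLE_INSTALLER_BYTES = b"abc"
PUBLISHED = {
    "md5": "900150983cd24fb0d6963f7d28e17f72",
    "sha256": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
}


def demo(payload=SAMPLE_INSTALLER_BYTES, published=PUBLISHED):
    """Write the sample to a temp file, verify it, and return the per-algorithm result."""
    fd, path = tempfile.mkstemp(suffix=".exe")  # suffix is cosmetic; assumed
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(payload)
        return verify_file(path, published)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print("genuine sample: ", demo())
    # One appended byte changes every digest, so every check fails.
    print("tampered sample:", demo(payload=b"abc\x00"))
```

For a real installer, call `verify_file("/path/to/setup.exe", {"sha256": "<digest copied from the vendor>"})` and refuse to run the file unless every value in the result is True.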
