Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
#1
01-23-2015, 21:03
Stitch
Question | IDA PRO

Hello!
I downloaded IDA PRO 6.6 and 6.5 and wanted to know how I can check whether the file I got is a clean (no virus) version.

Thanks!
#2
01-23-2015, 22:01
Conquest
Quote:
Originally Posted by Stitch
Hello!
I downloaded IDA PRO 6.6 and 6.5 and wanted to know how I can check whether the file I got is a clean (no virus) version.

Thanks!
IDA is a disassembler, not an anti-malware product. Your question itself isn't invalid, but the question is something like this: "how can I make Apollo 11 with a hammer?"
Anyway, to be specific to your question, you have to make sure 1. you unpacked the file (if it's packed), 2. you don't run the file by mistake (that's why you use a lab environment). Then figure out what it will do/does (again, running it in a sandboxed environment will yield your result much more easily). These are the basics, but each of the steps involves complexity. You can check different malware analysis sites on the net for examples.
#3
01-28-2015, 05:28
h8er
I recommend you read Practical Malware Analysis; it's a very good introduction to the subject.
#4
01-28-2015, 05:57
sendersu
Quote:
Originally Posted by Stitch
Hello!
I downloaded IDA PRO 6.6 and 6.5 and wanted to know how I can check whether the file I got is a clean (no virus) version.

Thanks!
Maybe Ilfak puts the MD5 of his genuine installers somewhere? (Not sure)...
#5
01-28-2015, 11:02
ontryit
Maybe registered users can ask Ilfak about the MD5/SHA1, or check it themselves, and be kind enough to post the hash value here, so those of us in this forum can be sure that the setup is original.

(sorry for my terrible English)
#6
02-02-2015, 03:12
Stitch
Quote:
Originally Posted by h8er
I recommend you read Practical Malware Analysis; it's a very good introduction to the subject.
Thank you for the response. Is the assembly subject in the book for beginners, or shouldn't I start from there?
I have no problem starting from there; I just want to read more opinions and thoughts.

Quote:
Originally Posted by Conquest
IDA is a disassembler, not an anti-malware product. Your question itself isn't invalid, but the question is something like this: "how can I make Apollo 11 with a hammer?"
Anyway, to be specific to your question, you have to make sure 1. you unpacked the file (if it's packed), 2. you don't run the file by mistake (that's why you use a lab environment). Then figure out what it will do/does (again, running it in a sandboxed environment will yield your result much more easily). These are the basics, but each of the steps involves complexity. You can check different malware analysis sites on the net for examples.
The question is clear, the reader isn't clear. I downloaded Detect It Easy but it doesn't show me anything suspicious. I asked this question because Ollydbg 1.10 gave me an error when opened on OS 8.1.
x64/32_dbg, I have no idea about it. I just wanted to check IDA, and as for running VMware, I will do it later. I thought I could find my answer here.


Sorry if this is spam or unclear; I just cannot find instructions on Google. Thanks all for the responses and please don't junk.
#7
02-02-2015, 11:50
Conquest
Quote:
Originally Posted by Stitch
Thank you for the response. Is the assembly subject in the book for beginners, or shouldn't I start from there?
I have no problem starting from there; I just want to read more opinions and thoughts.


The question is clear, the reader isn't clear. I downloaded Detect It Easy but it doesn't show me anything suspicious. I asked this question because Ollydbg 1.10 gave me an error when opened on OS 8.1.
x64/32_dbg, I have no idea about it. I just wanted to check IDA, and as for running VMware, I will do it later. I thought I could find my answer here.


Sorry if this is spam or unclear; I just cannot find instructions on Google. Thanks all for the responses and please don't junk.
Please describe your problem accurately. At this point I am clueless about what you are even talking about. Once again, IDA is for analyzing malware (or any piece of software which IDA's analysis module can support).
It cannot detect malware.

My closest assumption is that you are asking if the file is packed or not. You can check that by loading it up in any disassembler. There is no standard rule of thumb to do so, but usually packed files have a custom stub for unpacking and the OEP re-routed to this custom stub. Use available 3rd party packer analyzers for now.
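As an added example (written for this page, not posted by anyone in the thread), the entry-point heuristics Conquest describes, in Python: it walks the PE section table, finds the section that holds AddressOfEntryPoint, and flags an entry point that sits outside the first section, in a section that is writable as well as executable, or in a section whose bytes look compressed (entropy near 8 bits per byte). build_pe and the CLEAN and PACKED images are constructed fixtures, not real IDA installers, and the flags are indicators to investigate, not a packer verdict.

```python
import math, struct
from collections import Counter
SCN_EXEC, SCN_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_EXECUTE / IMAGE_SCN_MEM_WRITE

def entropy(data: bytes) -> float:  # bits per byte: plain code ~5-6.5, compressed/encrypted data nears 8
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0
def parse_pe(pe: bytes):
    """Return (AddressOfEntryPoint, [(name, va, size, raw bytes, characteristics), ...]) from the headers."""
    coff = struct.unpack_from("<I", pe, 0x3C)[0] + 4  # e_lfanew -> "PE\0\0", COFF header follows it
    if pe[coff - 4:coff] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, opt_size = struct.unpack_from("<H", pe, coff + 2)[0], struct.unpack_from("<H", pe, coff + 16)[0]
    entry, secs = struct.unpack_from("<I", pe, coff + 36)[0], []  # OptionalHeader.AddressOfEntryPoint
    for off in range(coff + 20 + opt_size, coff + 20 + opt_size + 40 * nsec, 40):
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", pe, off + 8)
        secs.append((pe[off:off + 8].rstrip(b"\0").decode("latin-1"), va, max(vsize, rawsize),
                     pe[rawptr:rawptr + rawsize], struct.unpack_from("<I", pe, off + 36)[0]))
    return entry, secs
def packer_indicators(pe: bytes) -> list:
    """Heuristic flags (indicators, not proof) that the entry point was re-routed to an unpacking stub."""
    entry, secs = parse_pe(pe)
    hit = [s for s in secs if s[1] <= entry < s[1] + s[2]]
    if not hit: return ["entry point outside every section"]
    name, _, _, raw, chars = hit[0]
    ent, flags = entropy(raw), []
    if hit[0] is not secs[0]:
        flags.append("entry point in %s, not in the first section" % name)
    if chars & SCN_WRITE and chars & SCN_EXEC:
        flags.append("entry section %s is writable and executable" % name)
    if ent > 7.0:
        flags.append("entry section %s has entropy %.2f" % (name, ent))
    return flags
def build_pe(sections, entry) -> bytes:
    """Constructed minimal PE32 fixture (not a real installer) to exercise the checks above."""
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    struct.pack_into("<I", opt, 16, entry)
    hdr = (b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\0\0"
           + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102) + opt)
    raw, tbl, body = len(hdr) + 40 * len(sections), b"", b""
    for name, va, data, chars in sections:
        tbl += name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", len(data), va, len(data), raw + len(body), 0, 0, 0, 0, chars)
        body += data
    return hdr + tbl + body
CODE = b"\x55\x8b\xec\x90\xc3" * 800  # constructed low-entropy, code-like bytes
NOISE = bytes(range(256)) * 16  # uniform bytes, entropy 8.0: stands in for compressed original code
CLEAN = build_pe([(b".text", 0x1000, CODE, SCN_EXEC | 0x20), (b".data", 0x2000, CODE[:512], SCN_WRITE | 0x40)], 0x1000)
PACKED = build_pe([(b".text", 0x1000, NOISE, SCN_WRITE | 0x40), (b".stub", 0x2000, NOISE, SCN_WRITE | SCN_EXEC | 0x40)], 0x2000)
```

Running packer_indicators on a real download is the same call with the file's bytes; any flag is a reason to look at the entry section in the disassembler, not a verdict on its own.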
#8
02-02-2015, 14:43
leetone
This is just a classic case of a new malware reverser wanting to jump headfirst into reversing with IDA Pro 6.6 instead of taking a step back and READING SOME RECOMMENDED LITERATURE by many many many members of every reversing community ever...:

Reversing: Secrets of Reverse Engineering - by Eldad Eilam

The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler - by Chris Eagle

but for both of these it would help to know how to program beforehand... I suggest you don't use any of this crap and learn some C++.
#9
02-15-2015, 15:47
tK!
I think some of you guys gave the wrong answer to "Stitch".

He downloaded IDA Pro v6.6 and 6.5 and he wants to use it! He is asking how to be sure the file he downloaded is clean! I mean IDA itself! No virus or trojan bound to it.
#10
02-15-2015, 20:21
Git
tK! - yes, that was my opinion too. I believe some or all of the full installer exe files did have an MD5 given.

Git
#11
02-17-2015, 01:48
Chaoslord
Quote:
Originally Posted by Git
tK! - yes, that was my opinion too. I believe some or all of the full installer exe files did have an MD5 given.

Git
Most of them do.
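As an added example (not posted in the thread and not Hex-Rays' own tooling), a small Python verifier for the published-MD5 approach that sendersu, ontryit, Git and Chaoslord discuss: it streams the installer through the hash instead of reading it into memory, picks MD5, SHA-1 or SHA-256 from the length of the published digest, and also checks md5sum/sha256sum-style listing files. The installer bytes, the file names and the listing below are constructed fixtures, not real IDA files or published values.

```python
import hashlib
import os
import tempfile

ALGO_BY_HEXLEN = {32: "md5", 40: "sha1", 64: "sha256"}  # hex-digest length identifies the published hash

def file_digest(path: str, algo: str, chunk: int = 1 << 20) -> str:
    """Stream the file through the hash so a large setup .exe is never read into memory at once."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify(path: str, published: str) -> dict:
    """Compare a file with a published hex digest; the algorithm is inferred from the digest length."""
    published = published.strip().lower()
    algo = ALGO_BY_HEXLEN.get(len(published))
    if algo is None:
        raise ValueError("unrecognised digest length %d" % len(published))
    actual = file_digest(path, algo)
    return {"algo": algo, "actual": actual, "match": actual == published}

def verify_sums_file(sums_text: str, directory: str) -> dict:
    """Check each '<hexdigest>  <filename>' line (md5sum / sha256sum output format) in a directory."""
    results = {}
    for line in sums_text.splitlines():
        if line.strip() and not line.startswith("#"):
            digest, name = line.split(None, 1)
            name = name.strip().lstrip("*")  # a leading '*' marks binary mode in md5sum listings
            results[name] = verify(os.path.join(directory, name), digest)["match"]
    return results

# Constructed fixtures: a fake installer, a copy with one byte changed, and a sums listing for both.
TMP = tempfile.mkdtemp()
INSTALLER = b"MZ" + bytes(range(256)) * 64
GOOD, BAD = os.path.join(TMP, "idasetup_placeholder.exe"), os.path.join(TMP, "idasetup_tampered.exe")
with open(GOOD, "wb") as f:
    f.write(INSTALLER)
with open(BAD, "wb") as f:
    f.write(INSTALLER[:100] + b"\x00" + INSTALLER[101:])
PUBLISHED_MD5 = hashlib.md5(INSTALLER).hexdigest()  # stands in for the value the author would publish
SUMS = "# constructed listing\n%s  idasetup_placeholder.exe\n%s *idasetup_tampered.exe\n" % (
    hashlib.sha256(INSTALLER).hexdigest(), hashlib.sha256(INSTALLER).hexdigest())
```

A match only proves the file is byte-identical to what the digest was taken from, so the digest has to come from a channel you trust (the vendor's own page, not the download location itself); MD5 still catches accidental corruption and a swapped file, but deliberately crafted MD5 collisions are practical, so prefer SHA-256 where it is published.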
All times are GMT +8.