Home » How to check if a file is malicious?

How to check if a file is malicious?

by Reddit » Hacking
0 comment

It seems like a basic question, but it’s really not. A lot goes into verifying legitimacy of software. Basic answer is antivirus, but as I explain below, antivirus is not reliable.

Junior/Intro level IT guys are just told to scan with Antivirus (AV). An AV might be able to detect certain viruses, yet it is defeated by obfuscation. Antivirus does not protect against 0 days, and poses a privacy risk. I have witnessed trojan executables which had a “verified” publisher on Windows, and the AV didn’t detect anything malicious. AV heuristics is not perfect either. It will fail often.

Another thing IT people do to make sure they don’t get viruses is that they download verified software. If you cloned it from GitHub from a good repo, or downloaded the executable directly from a trustworthy source, then the chance of the executable being malicious is low. I don’t have this luxury, because I’m currently dealing with niche software for exploitation. I am trying to remove Activation Lock (Factory Reset Protection) from an IPad. There are usually no official repos for exploits, and even if there are, they are hard to find.

Some advanced hackers might reverse engineer an executable to check for viruses. Or, an advanced sysadmin might detect that the virus messed up the system using eg. Event Viewer. I don’t know how to do this, sadly. I know there’s a tool called Ghidra for this.

So let’s say I have some .exe I want to run, but I’m not sure if it’s a virus or not. Should I run it on an isolated laptop, and then reset my laptop after once I’m done? Or is there perhaps a better way?

You may also like

Leave a Comment

CyberNonStop

Cybernonstop is created to bring news and knowledge through articles to visitors.

Do not forget to subscribe.

Laest News

@2021 – All Right Reserved. Designed and Developed by PenciDesign