How to check if exe files are safe?

Discussion in 'Programming' started by Venomous_Creeper, Oct 11, 2018.

  1. Hello,

    I was so eager to test out a small program someone made that I didn't realize the dangers until after. Is anyone capable of checking exe files and willing?

    I ran the files a couple of times since it wasn't working the way it was supposed to, and now I'm really paranoid.

    After deleting the files I scanned using Malwarebytes, what else should I do?

    I can get the files back if someone's willing to test it out. I understand if no one is willing, since if I were thinking straight I wouldn't have done it myself, but my sleepiness got to me I guess.
  2. foncused

    Moderator Patron

    You should be cautious when running suspicious executables from questionable sources. Did your scan provide any useful information?

    VirusTotal can be useful to check for any indication of malware. You can also set up a virtual system to test in a sandbox environment.
  3. It was clear on Malwarebytes but here's the result from VirusTotal:

    Should I be worried?
  4. That's the anti virus you need ^, don't run it; problem averted. Don't get sucked in by your 'wants and needs'.
  5. Choco


    Run it and find out
    (I'm kidding, please don't do this)

    Really, only run executable files from reputable sources. I wouldn't dare run an exe from someone I just recently met or from a website I do not know.
  6. Create a virtual machine. Run and find out
  7. I'd say since you've gotten the VirusTotal, and have already run the file once or twice, your best option is a fresh OS wipe - and unplug/deauth the computer from the network.
  8. I already ran it ;-; Lesson learned I guess.
    Yeah I'll be doing that, I think it's time anyway since my PC is super slow :(
    I can still download it right? And how do I find out if it's safe after running it? Because when I ran it on my PC it just closed.
  9. It doesn't destroy your computer? My question is what are you trying to run?
  10. Anyone willing to test it on a virtual machine? I would but I'm not sure how to find out what's "inside".
  11. Well, I was looking for something that automates wifi password change, and I found someone to make me one and we were screensharing. After showing him how I did part of it manually he sent an exe file and told me to try it out. I soon realized after running it multiple times (to test it) that I've done something really stupid :(
  12. The anti-virus result from Malwarebytes doesn't really say there's a virus. Six out of the 67 engines said that it looks similar to a trojan; but none of them has any results as to which it could be (comparison: Hello World in C triggers 7 engines). This doesn't mean you're safe; it might be a less common trojan. The safest thing to do is to do a complete re-install; but it might not always be feasible or needed. You can try de-compiling the exe file with a decompiler and check the decompiled source for anything suspicious.

    Did you enter your system password or run it as an administrator? If so, do a clean system wipe ASAP. Do you know the person who sent it to you? Confront him about it, where he got it from etc.

    It baffles me how it's 2018 and Windows still doesn't have a decent sandbox mode.
    #12 StillNoNumber, Oct 12, 2018
    Last edited: Oct 12, 2018
  13. I don't think I ran it as an administrator, but it might have been run as one by default. What tool should I use to decompile it?

    I'll confront the person if I get enough evidence it's unsafe, so I can get them punished on another forum.
  14. Here's a bunch of tools you can use to decompile:

    Just, you know, do the entire analysis inside of a VM. Better be safe than sorry.
  15. Strahan


    Are you a programmer? If not, there is no point as you won't know what you are looking at.
  16. Does not matter, there are enough master boot record and BIOS flashing things, ransomware that trigger at a future date, etc. that can really ruin a system, and hold it hostage. Even replacing the hard drive with a fresh new one will just re-install a malicious bit of code hiding in a BIOS.

    Server owners have to get used to doing the work by constantly having a cloned instance of their live server, and use that in a sandbox situation to have a buffer between the network, the live server, and yourself.
  17. VMs can be detected by malware.
  18. Running a virus multiple times is not going to make a difference—it won’t make it faster or slower.

    All it will do is create multiple instances of the same program which will hog even more of your memory unnecessarily.

    What I’d advise to attempt removing or stopping it from running is following these steps. It’s referred to as a “clean boot”:
    1. Hit Win + R and type in the dialog msconfig, then hit Enter. Under the Boot tab, check the box next to Safe Mode and restart. Unless the virus installed a driver onto your system, it won’t be able to start automatically in Safe Mode.
    2. Once you’re booted into Safe Mode, hit the Win + R keys again and type in %appdata% and hit Enter, navigate to Roaming/Microsoft/Windows/StartMenu/Programs/Startup and delete any unrecognised programs.
    3. Search for Disk Cleanup in the Start Menu as administrator and clear out temporary folders on your Windows installation drive. This will delete any copies of the virus hiding inside the temporary data directories.
    4. Empty all of the executables and files you deleted from the Recycle Bin to verify that it’s removed permanently, or inaccessible to the system.
    5. Hit Win + R once again and type in msconfig and then hit Enter. Under the Services tab, check Hide all Microsoft services. Next, select Disable All. Now, go to the Boot tab and uncheck the Safe Mode option, then restart.
    #18 TurtlesBeast23, Oct 12, 2018
    Last edited: Oct 12, 2018
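
An added example, not part of the thread or any poster's code: a read-only PowerShell inventory of the Startup folder that step 2 of the post above inspects by hand, reporting each entry's Authenticode status and SHA-256 so it can be looked up on VirusTotal by hash. It goes beyond the post by also covering the all-users Startup folder and the standard HKCU/HKLM Run keys; the function name `Get-FileFacts` is made up for this example.

```powershell
# Added example: read-only inventory of autostart entries. Nothing is deleted
# or modified; review the output before removing anything by hand.
$shell = New-Object -ComObject WScript.Shell

function Get-FileFacts {   # hypothetical helper name, not a built-in cmdlet
    param([string]$Path)
    # Signature status and SHA-256 for a file, or a marker if it is missing.
    if (-not $Path -or -not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Target = $Path; Signature = 'FileNotFound'; Signer = $null; SHA256 = $null }
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Target    = $Path
        Signature = $sig.Status
        Signer    = $sig.SignerCertificate.Subject
        SHA256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# Per-user and all-users Startup folders, resolved by the OS rather than typed.
$startupDirs = 'Startup', 'CommonStartup' | ForEach-Object { [Environment]::GetFolderPath($_) }

$folderEntries = foreach ($dir in $startupDirs) {
    Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
        Where-Object Name -ne 'desktop.ini' |
        ForEach-Object {
            $source = $_.FullName
            # Shortcuts point elsewhere: resolve them so the real binary is checked.
            $target = if ($_.Extension -eq '.lnk') { $shell.CreateShortcut($source).TargetPath } else { $source }
            Get-FileFacts -Path $target |
                Add-Member -NotePropertyName Source -NotePropertyValue $source -PassThru
        }
}

# Standard Run keys: listed as raw command lines for manual review.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'

$runEntries = foreach ($key in $runKeys) {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Key = $key; Name = $name; Command = $item.GetValue($name) }
    }
}

$folderEntries | Format-List Source, Target, Signature, Signer, SHA256
$runEntries    | Format-Table -AutoSize -Wrap
```

Entries reported as `NotSigned` or `FileNotFound` are the ones to look at first; an unsigned file is not proof of malware, only a reason to check its hash and origin.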