
Thread: detect a binded .exe

  1. #1
    Member
    Join Date
    Jun 2008
    Posts
    56

    Default detect a binded .exe

    Hi,
    If I want to open a .exe on my Windows machine,
    how can I know whether the .exe is bound with malicious code?
    Is there any method or software (not AV) to detect such files without executing them and without using an AV?
    (For example, a .exe bound with a payload or netcat: how can I know that the original .exe is bound to a payload and/or netcat?)

    thanks

  2. #2
    Member kazalku's Avatar
    Join Date
    Feb 2009
    Posts
    416

    Default

    As far as I know, before executing the file you can use 2 methods:
    1) Anti-malware
    2) exe file disassembler

    After executing the file you can use "Netstat" (like Netstat Agent 2.1) to find out whether that particular file is listening to a certain port... or connected to a malicious server.
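
Added example (not part of any post in this thread): one static, pre-execution check in the spirit of the first method above, which parses the PE section table and reports bytes appended after the last section (an overlay) plus any second MZ/PE image inside the file. The function names and the sample file are constructed for illustration; the check goes beyond what the posters describe and is an indicator, not a verdict.

```python
import struct

def embedded_pe_offsets(data: bytes) -> list:
    """Offsets (other than 0) where a second MZ header points at a valid PE signature."""
    hits, pos = [], data.find(b"MZ", 1)
    while pos != -1:
        if pos + 0x40 <= len(data):
            lfanew = struct.unpack_from("<I", data, pos + 0x3C)[0]
            if data[pos + lfanew:pos + lfanew + 4] == b"PE\0\0":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def inspect_pe(data: bytes) -> dict:
    """Read headers only (nothing is executed); report overlay and embedded images."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0" or pe + 24 > len(data):
        raise ValueError("PE signature missing")
    # COFF header: NumberOfSections at +6, SizeOfOptionalHeader at +20
    nsect, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    table = pe + 24 + opt_size
    end = table + 40 * nsect                              # end of headers
    if end > len(data):
        raise ValueError("truncated section table")
    for i in range(nsect):                                # SizeOfRawData, PointerToRawData
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    end = min(end, len(data))
    return {"overlay_offset": end, "overlay_size": len(data) - end,
            "embedded_pe": embedded_pe_offsets(data)}

def build_sample_pe(body: bytes = b"\x90" * 0x200) -> bytes:
    """Constructed sample: minimal PE-shaped file with one .text section at 0x200."""
    hdr = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    hdr += b"\x0b\x01" + b"\0" * (0xE0 - 2)               # optional header, zeroed
    hdr += b".text\0\0\0" + struct.pack("<IIII", len(body), 0x1000, len(body), 0x200)
    hdr += b"\0" * 16
    return hdr.ljust(0x200, b"\0") + body

if __name__ == "__main__":
    clean = build_sample_pe()
    bound = clean + build_sample_pe()    # constructed: a second image appended to the first
    for name, blob in (("clean", clean), ("bound", bound)):
        print(name, inspect_pe(blob))
```

Signed files and installers carry overlays legitimately (an Authenticode signature is stored after the last section), and a payload that is compressed or encrypted will not show up as a plain MZ header, so treat the output as a reason to look closer rather than as proof either way.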

  3. #3
    Member
    Join Date
    Jun 2008
    Posts
    56

    Default

    About netstat:
    I have read an article (but I don't remember where)
    that says the port, for example 5555 (the port that connects the victim to the attacker), can be hidden from netstat (port 5555 cannot be detected)
    by piping it (or something like that) with a certain IP that the victim is working on.
    I think that netstat can't detect such connections (please correct me if I am wrong).

  4. #4
    Member kazalku's Avatar
    Join Date
    Feb 2009
    Posts
    416

    Default

    I'm not sure about that (I'm not an expert). I've established several types of connection to the attacker (like reverse TCP, nc backdoor, telnet session) and my netstat can detect them all.

  5. #5

  6. #6
    Member kazalku's Avatar
    Join Date
    Feb 2009
    Posts
    416

    Default

    I can't understand, why did you post this link?
    It's absolutely irrelevant to his original query.....

  7. #7
    Member
    Join Date
    Jan 2010
    Location
    The new forums
    Posts
    462

    Default

    I completely misread the question, sorry. I thought the OP was referring to finding out how to see if Windows files could be bound with a malicious .exe.

  8. #8
    Member muminrz's Avatar
    Join Date
    Jan 2010
    Posts
    64

    Default

    Try this; it is free and you do not need to install it:
    hxxp://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
