This topic contains 1 reply, has 2 voices, and was last updated by Parentcraft 9 months, 3 weeks ago.
- April 2, 2020 at 12:43 pm #229083
So I wanted to check an “.exe” with dnSpy but I don’t know if that already gives the “.exe” file access, but I think dnSpy only reads the “.exe” file instead of executing something of it but unsure. How can I check the “.exe” file safely to determine if there’s something suspicious in it or not? I don’t want tools to check it I want manually to check it, well assuming it was not compiled with raw C++. I think downloading the “.exe” file shouldn’t cause any harm I guess.
Or another reddit to ask this question?
- April 2, 2020 at 12:43 pm #229084
You can use virustotal.com if the .exe is under 200mb. Also you can use something like this https://app.any.run/ to run it and see what happens.
- April 2, 2020 at 12:43 pm #229085
Spin up a VM in Azure or your favourite cloud service, run it, them kill it. It may cost you a few pennies but it’ll get the job done safely and properly
- April 2, 2020 at 12:43 pm #229086
Hello Brother There Are Two Site’s I recommend To You :-
And if You want Program You Can Use Malwarebytes…
- April 2, 2020 at 12:43 pm #229087
this question can’t be answered, ask something more specific. Reverse engineering, static or dynamic analysis. dnSpy is for .net exes, even better than that is dotpeek or .net reflector, IDA, OllyDbg, Cuckoo
- April 2, 2020 at 12:43 pm #229088
- April 2, 2020 at 12:43 pm #229089
Opening the exe in dnSpy do not execute it, it’s read only.
- April 2, 2020 at 12:43 pm #229090
Burner PC with a Virtual Machine. Never open viruses on your real PC even if it’s in a Virtual Machine.
- April 2, 2020 at 12:43 pm #229091
Yes it is safe, the code will not be executed. If I remember correctly, dnSpy uses Mono.Cecil which just analyzes the bytecode (CIL). That being said, I always prefer to do these things in a virtual machine just to be safe, imagine you accidentally double click the executable. :p
You must be logged in to reply to this topic.