Can someone tell me a safe way to check “.exe” files? – Digitalmunition




Home Forums Can someone tell me a safe way to check “.exe” files?

This topic contains 1 reply, has 2 voices, and was last updated by  Parentcraft 2 months ago.

  • Author
    Posts
  • #229083

    anonymous
    Participant

    So I wanted to check an “.exe” with dnSpy but I don’t know if that already gives the “.exe” file access, but I think dnSpy only reads the “.exe” file instead of executing something of it but unsure. How can I check the “.exe” file safely to determine if there’s something suspicious in it or not? I don’t want tools to check it I want manually to check it, well assuming it was not compiled with raw C++. I think downloading the “.exe” file shouldn’t cause any harm I guess.

    Or another reddit to ask this question?

  • #229084

    Parentcraft

    You can use virustotal.com if the .exe is under 200mb. Also you can use something like this https://app.any.run/ to run it and see what happens.

  • #229085

    80-20-human

    Spin up a VM in Azure or your favourite cloud service, run it, them kill it. It may cost you a few pennies but it’ll get the job done safely and properly

  • #229086

    DevoUraa

    Hello Brother There Are Two Site’s I recommend To You :-

    1-VirusTotal

    2-https://www.hybrid-analysis.com

    And if You want Program You Can Use Malwarebytes…

    Best wishes

  • #229087

    B1tninja

    this question can’t be answered, ask something more specific. Reverse engineering, static or dynamic analysis. dnSpy is for .net exes, even better than that is dotpeek or .net reflector, IDA, OllyDbg, Cuckoo

  • #229088

    CAPITAL_jew

    Unsafe

  • #229089

    Cyrius42

    Opening the exe in dnSpy do not execute it, it’s read only.

  • #229090

    PotatoChips2001x

    Burner PC with a Virtual Machine. Never open viruses on your real PC even if it’s in a Virtual Machine.

  • #229091

    TayBit

    Yes it is safe, the code will not be executed. If I remember correctly, dnSpy uses Mono.Cecil which just analyzes the bytecode (CIL). That being said, I always prefer to do these things in a virtual machine just to be safe, imagine you accidentally double click the executable. :p

You must be logged in to reply to this topic.