Home/ Questions/Q 597137
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T16:14:51+00:00

I have a file that could possibly be a virus. I’d like to execute

  • 0

I have a file that could possibly be a virus. I’d like to execute the file in some form of a sandboxed environment and trace what files it tries to modify or basically anything that it is trying to do. What software tools and knowledge do I need to do this?

My system is windows 7.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I’ll try and see this in a programming context as reverse engineering. Here’s some things you could do:

    • Get an idea of what APIs it’ll call using depends.exe from the Microsoft SDK. You’ll also be able to see what symbols it refers to.
    • use procexp.exe / tcpview.exe / filemon.exe / regmon from http://www.sysinternals.com to see the activity of the process at runtime.
    • Execute it with the WinDbg debugger from Microsoft to find out what’s going on, also.

    You could, of course, go further. As Zyphrax suggests in his answer, you are best doing this inside some form of virtual machine on the assumption that the code is dangerous.

    • 0