We do a deep analysis of a suspicious file

Teacher

Deep file scan for viruses!
This article is of an educational nature; we do not call for anything or oblige anyone to do anything. The information is presented for informational purposes only.

Introduction
Hello everyone. Anyone who has downloaded cheats, programs or other software has wondered: "Is there a virus in this program?" Of course there can be. Anyone who browses software sites every day may come across programs carrying malicious code: a miner, a clipper, a ransomware locker or an encryptor (almost the same thing). So if you are wary of downloading software from the Internet and fear for your confidential information, this article is for you: it shows how to do a deep analysis and make sure a file is clean. Not everyone can take a file apart into code and see what it contains, because the program code is usually closed.

Start
Sites that we will use to parse the file:
1) app.any.run
2) hybrid-analysis.com
3) opentip.kaspersky.com
4) virustotal.com
5) vms.drweb.ru/scan_file/

As an example, we will use AIO (Checker), a cracked version of which was leaked on lolz. (I am not responsible if you run it on your main machine and something happens to it.)

1) Download our file

2) Extract the file from the archive:

3) First, find out whether the file itself contains malicious code, so upload it to https://virustotal.com

Funnily enough, many users would already have abandoned the download at this point, but we will attribute all of it to the crack ("kryak").

4) After receiving the result, go to app.any.run and check whether the file itself actually works.

First you need to register there; there is nothing complicated about it, so I will not explain how.

After registration, click here:

Next, open the menu and click here:

We should have a menu like this:

Click Upload and upload the file we are examining. As we can see, the checker is loaded:

Here are the optimal settings to use; everything should look like this:

Click Run a public test:

Agree and wait for it to load. Next, your file opens automatically and you see what it does:

If the program runs stably, no tags such as stealer / trojan / redline appear next to the program name, and the file is not marked red, then the file has passed the app.any.run test 100 percent. Also look at what the file did on the virtual PC: right-click it and this comes up:

5) Okay, there was no malicious activity, so we continue the analysis. If app.any.run found something, then there is a virus and it is pointless to continue. Here is an example from app.any.run showing the RedLine stealer at work:

6) Next, go to https://www.hybrid-analysis.com and upload the file:

After the file is uploaded, a form appears; fill it in and press Continue.

You can enter any e-mail address; we do not need it. Next, this menu pops up (be sure to select everything as in the screenshot):

Next, go to Runtime Options and again select everything as I did:

Then press Generate Public Report and wait for the result, and then study it:

As we can see, it fails the test and scores 100/100.

Next, go to https://opentip.kaspersky.com and upload the file there. After it loads, click Analyze:

Wait for it to load:

Strange, but the program passes the test from Kaspersky:

Now we are waiting for a deeper analysis from them:

As we can see, the program did not perform any harmful actions, which can also be seen from the panel on app.any.run:

7) And the last step: upload our test subject to https://vms.drweb.ru/scan_file, or scan it with any other antivirus, and get the following result:

Next, we gather and weigh all the information we received about this file from the analyses. Most likely the antivirus is complaining about the crack, but of course malware can also be embedded in it. So we conclude: it is better to run it on a virtual machine, or on an RDP (Dedicated Server) one.
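As an added example (not code from the original post), the Python script below supports step 3 and this final weighing-up: it computes the file's SHA-256 so you can look it up on VirusTotal by hash before uploading anything, and sorts the detections in a VirusTotal v3 file report into crack-style labels versus hits that a crack cannot explain. The report layout follows VirusTotal's v3 API (`data.attributes.last_analysis_stats` / `last_analysis_results`); the sample report, engine names and keyword list are constructed assumptions.

```python
import hashlib
import re

# Detection names that usually point at the crack/patch itself rather than a
# stealer or miner. Heuristic keyword list, an assumption of this example.
CRACK_MARKERS = re.compile(r"hacktool|keygen|crack|patch|riskware", re.I)

def sha256_of_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def sha256_of_file(path: str) -> str:
    """Hash in 1 MiB chunks so a large archive need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def vt_gui_url(sha256: str) -> str:
    """Look the hash up first; an existing report means no upload is needed."""
    return f"https://www.virustotal.com/gui/file/{sha256}"

def summarize_report(report: dict) -> dict:
    """Separate crack-style labels from detections the crack cannot explain."""
    attrs = report["data"]["attributes"]
    flagged = {
        engine: r["result"]
        for engine, r in attrs["last_analysis_results"].items()
        if r.get("category") in ("malicious", "suspicious") and r.get("result")
    }
    crack_like = {e: v for e, v in flagged.items() if CRACK_MARKERS.search(v)}
    other = {e: v for e, v in flagged.items() if e not in crack_like}
    if other:
        verdict = "malware: detections not explained by the crack"
    elif crack_like:
        verdict = "crack-only labels: still run it in a VM or sandbox"
    else:
        verdict = "no detections: still sandbox it before trusting it"
    return {"malicious": attrs["last_analysis_stats"].get("malicious", 0),
            "crack_like": crack_like, "other": other, "verdict": verdict}

# Constructed sample report (not a real lookup): a crack plus a RedLine hit.
SAMPLE_REPORT = {"data": {"attributes": {
    "last_analysis_stats": {"malicious": 3, "suspicious": 0, "undetected": 60, "harmless": 0},
    "last_analysis_results": {
        "EngineA": {"category": "malicious", "result": "HackTool.Crack.Gen"},
        "EngineB": {"category": "malicious", "result": "Trojan.PSW.RedLine"},
        "EngineC": {"category": "malicious", "result": "Riskware.Patcher"},
        "EngineD": {"category": "undetected", "result": None},
    }}}}
```

Run `summarize_report(SAMPLE_REPORT)` to see that the single RedLine label is what turns the verdict from "crack-only" into "malware", which is exactly the distinction the conclusion above asks you to make.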

That's all! Good luck!