[nSLUG] Examine unknown static binary

francis picabia fpicabia at gmail.com
Thu Dec 14 18:30:39 AST 2017


A web app has uploaded a static ELF binary.

Someone else is in charge of updating the app so it won't happen again.

I've looked at it with:

 strings binaryfile | grep '.\{18\}'

for any hints about what it does, nothing solid.

Windows anti-virus would identify it as ChinaZ.J
This covers many things, so doesn't really help.

I'd like to have a sandbox where I could try running the binary
with no network.  It doesn't seem jail software is 100% safe.

How to do this while assuming the worst could happen?
The other choice is to install a fresh Linux on an isolatable box.

I see a list of analyzers here:

https://zeltser.com/automated-malware-analysis/

Has anyone tried and found a good one?
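A first pass that stops short of running anything: read the ELF header and program headers, decide from them whether the file is really statically linked (no PT_INTERP entry), record the architecture and entry point, hash the file for later lookups, and pull out long printable strings the way the `strings | grep` pipeline above does. This is an added example, not code from the original post; it uses only the Python standard library, and the sample ELF it builds with `build_sample_elf` is constructed here purely so the script runs offline (the paths and strings inside it are made up).

```python
"""Static triage of an unknown ELF file without executing it (added example)."""
import hashlib
import re
import struct
import sys

# Subsets of the e_machine and e_type tables from the ELF specification.
MACHINES = {0x03: "x86", 0x08: "MIPS", 0x28: "ARM", 0x3E: "x86-64", 0xB7: "AArch64"}
TYPES = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}
PT_INTERP = 3  # program header that names the dynamic loader; absent in static binaries


def parse_elf(data):
    """Return header facts from the raw bytes of an ELF file (never executes it)."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    endian = "<" if ei_data == 1 else ">"
    if ei_class == 2:      # ELF64: 64-byte header, 56-byte program headers
        hdr_fmt, phdr_fmt = "HHIQQQIHHHHHH", "IIQQQQQQ"
    elif ei_class == 1:    # ELF32: 52-byte header, 32-byte program headers
        hdr_fmt, phdr_fmt = "HHIIIIIHHHHHH", "IIIIIIII"
    else:
        raise ValueError("unknown EI_CLASS %d" % ei_class)
    (e_type, e_machine, _ver, e_entry, e_phoff, _shoff, _flags, _ehsize,
     e_phentsize, e_phnum, _shentsize, _shnum, _shstrndx) = struct.unpack_from(
        endian + hdr_fmt, data, 16)
    linked = "static"
    for i in range(e_phnum):
        phdr = struct.unpack_from(endian + phdr_fmt, data, e_phoff + i * e_phentsize)
        if phdr[0] == PT_INTERP:   # p_type is the first field in both layouts
            linked = "dynamic"
    return {
        "class": "ELF64" if ei_class == 2 else "ELF32",
        "endian": "little" if ei_data == 1 else "big",
        "machine": MACHINES.get(e_machine, "unknown(0x%x)" % e_machine),
        "type": TYPES.get(e_type, "unknown(%d)" % e_type),
        "entry": "0x%x" % e_entry,
        "linked": linked,
    }


def extract_strings(data, min_len=18):
    """Printable ASCII runs of at least min_len bytes, like `strings -n 18`."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def triage(data, min_len=18):
    """Combine hash, header facts and long strings into one report dict."""
    report = parse_elf(data)
    report["sha256"] = hashlib.sha256(data).hexdigest()
    report["strings"] = extract_strings(data, min_len)
    return report


def build_sample_elf(with_interp=False):
    """Constructed minimal x86-64 ELF64 for testing this script offline (not a real binary)."""
    phdrs = [struct.pack("<IIQQQQQQ", 1, 5, 0, 0x400000, 0x400000, 0x200, 0x200, 0x1000)]  # PT_LOAD
    if with_interp:
        phdrs.append(struct.pack("<IIQQQQQQ", PT_INTERP, 4, 0, 0, 0, 0, 0, 1))
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8      # 64-bit, little-endian, v1
    header = ident + struct.pack("<HHIQQQIHHHHHH", 2, 0x3E, 1, 0x401000, 64, 0, 0, 64, 56,
                                 len(phdrs), 64, 0, 0)
    # Constructed string payload: one run long enough to be reported, one too short.
    payload = b"\x00" * 16 + b"/tmp/.constructed_sample_path_for_demo\x00" + b"abc\x00"
    return header + b"".join(phdrs) + payload


if __name__ == "__main__":
    # Usage: python triage_elf.py /path/to/uploaded_file   (no argument runs the sample)
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_elf()
    for key, value in triage(blob).items():
        print("%-8s %s" % (key, value))
```

The `linked` field is the quick sanity check for the claim that the upload is static: a dynamically linked file carries a PT_INTERP header naming its loader, a static one does not. The sha256 is what you would feed to the hosted analyzers on the Zeltser list before deciding whether running the file in an isolated box is worth the trouble.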