How can you be sure questionable exe is safe?


RXZ6Q

If you have a questionable exe, let's say a crack, which is clean by VirusTotal scan, and you send it to multiple AV vendors claiming it to be malware and they mark it as a clean file, can you be sure it's safe?
 

RoboMan

To start with, I guess you're using "crack" as an example, due to the fact piracy is illegal and not supported on this forum. If so, you can't ever rely 100% on antivirus/antimalware scans, actually you can't believe at all in heuristics or sig-based software, so the only way to know a file is safe is a virtual machine, and scanning processes, payloads and watching its behaviour with a few programs to study it.
 

Parsh

Though you mentioned cracks as an example, it must be an intended use and cracks are mostly a lose-lose situation for Devs and the users.

Another reason to avoid 'em is because most of the AV engines will detect cracks as malicious, mostly by heuristics.
Now, it's natural for most people to think of this as an FP as many supporting sites themselves state that cracks are often wrongly flagged.
* You either don't run them (you win) or you run them, find nothing suspicious, and you live a life based on a false sense of security.
How will you then know if the crack you ran is stealing your every bit of privacy, or whether it introduced more malicious entities into your system? Heck no!

Anyways, 3 things you can do to almost be sure of safety of any executable are:
  1. Test by VooDooShield app (AI results)
  2. Submit to Valkyrie/cuckoo sandbox/threatexpert/hybrid-analysis
  3. Run in VM/sandbox as @RoboMan said
Keep safe.
 

roger_m

If VT and multiple vendors say it's safe, then it should be. But, the bigger issue is not if the file is safe or not, but that you shouldn't be using pirated software, and you really should either buy the program or use a free alternative.
 

DJ Panda

Even if VT says it's clean, it's not an absolutely safe file. Piracy is, one, illegal and, second, an extremely easy way to get infected. I'm usually the guy that gives pity, but if you pirate and get infected, not really my fault...
 

WinXPert

If it's questionable, I'll run it first sandboxed and observe what it's doing. BUT a questionable crack is another thing, who knows if there is an undetected payload inside.
 

Atlas147

If you yourself think that the exe is questionable then I would suggest trusting your gut and not running it.

Sending it to AVs and having them test the file is not a 100% method of making sure that it's safe, there are files that slip past them as well.

It's basically making a choice of either not using cracks or use them and deal with the consequences of potentially compromising your set up.
 

Deleted member 178

@Hanmin147 the last sentence of your post is against the rules,

I quote the valid part of your post:

Hanmin147 said:
If you yourself think that the exe is questionable then I would suggest trusting your gut and not running it.

Sending it to AVs and having them test the file is not a 100% method of making sure that it's safe, there are files that slip past them as well.

It's basically making a choice of either not using cracks or use them and deal with the consequences of potentially compromising your set up.
 

tonibalas

If I want to test a questionable exe I will run it with Shadow Defender enabled.
If strange things start to happen on my system then I restart the PC and all is good.
If nothing happens then you proceed at your own risk.
In the past I was using cracks too, but after I was infected I decided, as @roger_m suggested, to use free alternatives, and since then I am a happy, safe and worry-free user.
 

shmu26

If VT says it is clean, and it has a valid digital sig from the vendor that I expected it to come from, that's good enough for me.

The problem is when it doesn't have the digital sig. Then:
1. If I downloaded it from a trusted site, and it is a secure connection, that gives me enough confidence to run it.
2. If I am suspicious, I make a system backup before running it, and I keep an eye on the installation process with an app like NVT ERP.
There is no true 100%, but that's the way the world works. You can't live your whole life in a nuclear bunker.
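
Added example, not part of any post in this thread: one way to do the "valid digital sig from the vendor that I expected" check from the post above in PowerShell, using the built-in `Get-AuthenticodeSignature` and `Get-FileHash` cmdlets. The function name `Test-ExpectedPublisher`, the file name and the publisher string are hypothetical.

```powershell
# Added example. Function name, file name and publisher string are assumptions,
# not values from the thread.
function Test-ExpectedPublisher {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Exact common name (CN) you expect on the signing certificate.
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    # SHA-256 of the file, useful for looking up an existing VirusTotal report.
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

    # Pull the signer's common name, if the file carries a signature at all.
    $signer = $null
    if ($sig.SignerCertificate) {
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $signer   = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    }

    # 'Valid' means the signature verifies and chains to a trusted root.
    # NotSigned, HashMismatch (file changed after signing) and NotTrusted all fail here.
    $isValid = $sig.Status -eq [System.Management.Automation.SignatureStatus]::Valid

    # A valid signature from some other publisher is not the vendor you expected.
    $publisherOk = $isValid -and ($signer -eq $ExpectedPublisher)

    [pscustomobject]@{
        Path             = $file.FullName
        SHA256           = $hash
        SignatureStatus  = $sig.Status
        Signer           = $signer
        Timestamped      = [bool]$sig.TimeStamperCertificate
        PublisherMatches = $publisherOk
    }
}

# Usage with constructed values:
# Test-ExpectedPublisher -Path .\setup.exe -ExpectedPublisher 'Example Software Ltd'
```

A valid, matching signature tells you who signed the file and that it has not been modified since signing; it says nothing about what the program does when it runs.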
 