Examine unknown static binary


francis picabia

A web app has uploaded a static ELF binary.

Someone else is in charge of updating the app so it won't happen again.

I've looked at it with:

 strings binaryfile | grep '.\{18\}'

for any hints about what it does, nothing solid.

Windows anti-virus would identify it as ChinaZ.J
This covers many things, so doesn't really help.

I'd like to have a sandbox where I could try running the binary
with no network.  It doesn't seem jail software is 100% safe.

How to do this while assuming the worst could happen?
The other choice is to install a fresh Linux on an isolatable box.

I see a list of analyzers here:

Has anyone tried and found a good one?

nSLUG mailing list
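As an added example (my own, not the poster's and not one of the analyzers they refer to), a small Python triage script that does the strings step above offline, confirms static linking by reading the ELF program headers instead of trusting the file name, and hashes the file for an AV lookup; the ELF image and the 198.51.100.7 URL are constructed test data.

```python
import hashlib
import re
import struct

PT_DYNAMIC, PT_INTERP = 2, 3          # program header types that imply dynamic linking
EHDR_FMT, PHDR_FMT = "<16sHHIQQQIHHHHHH", "<IIQQQQQQ"   # ELF64, little-endian

def elf_program_types(data):
    """Return the p_type of every program header in an ELF64 LE image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled in this example")
    hdr = struct.unpack_from(EHDR_FMT, data, 0)
    phoff, phentsize, phnum = hdr[5], hdr[9], hdr[10]
    return [struct.unpack_from("<I", data, phoff + i * phentsize)[0] for i in range(phnum)]

def is_static(data):
    """No PT_INTERP and no PT_DYNAMIC: the file needs neither ld.so nor shared libraries."""
    types = elf_program_types(data)
    return PT_INTERP not in types and PT_DYNAMIC not in types

def long_strings(data, minlen=18):
    """Same idea as `strings file | grep '.\\{18\\}'`: printable runs of >= minlen bytes."""
    return [m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % minlen, data)]

# Strings that deserve a second look in an uploaded binary (download, persistence, injection).
INDICATORS = (b"http://", b"/etc/rc.local", b"crontab", b"/proc/self", b"LD_PRELOAD")

def triage(data):
    return {
        "sha256": hashlib.sha256(data).hexdigest(),   # hash to look up in AV / sandbox reports
        "static": is_static(data),
        "strings": long_strings(data),
        "indicators": sorted(i.decode() for i in INDICATORS if i in data),
    }

def build_sample_elf(ptypes, payload):
    """Constructed test input: a minimal ELF64 header, one phdr per type, then payload bytes."""
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8
    ehdr = struct.pack(EHDR_FMT, ident, 2, 62, 1, 0x400000, 64, 0, 0, 64, 56, len(ptypes), 64, 0, 0)
    phdrs = b"".join(struct.pack(PHDR_FMT, t, 5, 0, 0, 0, 0, 0, 0x1000) for t in ptypes)
    return ehdr + phdrs + payload

# Constructed payload; 198.51.100.7 is a documentation address, not a real host.
SAMPLE_PAYLOAD = (b"\x00User-Agent: Mozilla/5.0 (compatible)\x00"
                  b"http://198.51.100.7/update.sh\x00/etc/rc.local\x00ok\x00")
SAMPLE_STATIC = build_sample_elf([1], SAMPLE_PAYLOAD)   # PT_LOAD only -> statically linked

if __name__ == "__main__":
    for key, value in triage(SAMPLE_STATIC).items():
        print(f"{key}: {value}")
```

On the real upload call `triage(open(path, "rb").read())`; the script only reads the file, so it can run before any decision about executing the binary in a sandbox or a throwaway machine with networking disabled.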