• How do you determine if a file is malware?

    #2385468

    Hopefully this is the correct forum, if not please move it.

    I recently purchased from what appears to be a legitimate dealer a software program on DVD.  It came in a clamshell box with printed insert and a DVD (printed).  Looked legit.

    What concerns me is that the files on the DVD contain one that is:  “License Activation.exe”.  I’ve never seen a separate file for activation.  Normally activation and registration either come from an enclosed card or are emailed to you.  But, I’m sure in this case.  I’ve checked the files for malware, but they come up negative.  I appreciate any comments on how to verify without installation.

     

    • #2385472

      Files on DVD

       

    • #2385559

      Using Explorer, right click on the file, click on Properties to open a dialog box and click on the Details tab. Further details would require examination of the program.

      Are you able to ask the software creator or supplier for confirmation that this is a legitimate program and normal for their registration process?

      You can check it with VirusTotal, but first read the terms of service before uploading that file.

      There are some software companies (from a search engine query) that still use separate executable activation files: MapleSoft, SolidCAM, and SoftIntegration.

      (Historical note: A very long time ago (80’s & 90’s) it was a normal occurrence to use a separate activation program for creating a license key file or signing the software’s executable file.)

    • #2385757

      Malware can hide inside legitimate software applications or files, or its author can disguise it as a seemingly harmless app that users download unknowingly.

    • #2385766

      I would think that “Due Diligence” would be:

      1. Scanning the file(s) in question with your native AV software
      2. Letting Malwarebytes have a look
      3. If anything pops up, or if you’re still unsure, load it up to virustotal.com and have scores of engines look at it.

      Unfortunately, there is something called “Polymorphic Viruses” that change just enough with every installation to hide from AV “definitions”. If it ain’t on the “definitions” list, and the AV doesn’t have good Heuristic capabilities (most do), it still might miss it.

      But it takes some skill to craft a really stealthy polymorphic piece of malware…but it can be done.

      Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
      --
      "The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

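      Both #2385559 (read the file's own details, and hesitate before uploading it) and #2385766 (scan, then worry about packed or polymorphic code that definition-based AV misses) point at the same first step: look at the executable without running it. The script below is an added example, not code posted by anyone in this thread. It parses the PE headers that Explorer's Details tab summarises, computes the SHA-256 (a hash can be searched on VirusTotal without uploading the file itself, which sidesteps the terms-of-service worry), reports whether an Authenticode certificate table is present, and measures the entropy of each section, since near-8.0 entropy is the usual fingerprint of packed or encrypted content. The sample images it builds are constructed in-line for the demonstration; they carry valid headers and no code. Presence of a certificate table is not proof the signature is valid: verify that with `signtool verify /pa` or PowerShell's `Get-AuthenticodeSignature`.

```python
"""Offline triage of a Windows executable: read, never run (added example)."""
import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

SAMPLE_TIMESTAMP = 1609459200  # constructed link time: 2021-01-01 00:00 UTC


def build_sample_pe(packed: bool, signed: bool) -> bytes:
    """Construct a minimal PE32+ image for illustration only. The headers are
    well formed but there is no code, so it cannot execute; it exists so the
    parser below has something to read without touching a real file."""
    if packed:
        text = bytes(range(256)) * 4            # uniform bytes: entropy 8.0
    else:
        text = (b"The quick brown fox jumps over the lazy dog. " * 30)[:1024]
    data = (b"License Activation\0" * 30)[:512]
    cert = b""
    if signed:
        # WIN_CERTIFICATE header (dwLength, wRevision 0x200, type 2 = PKCS#7);
        # the body is zero filler, not a real signature.
        cert = struct.pack("<IHH", 64, 0x200, 2) + b"\x00" * 56

    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)         # e_lfanew -> "PE\0\0"
    coff = struct.pack("<HHIIIHH", 0x8664, 2, SAMPLE_TIMESTAMP, 0, 0, 240, 0x22)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)         # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)          # NumberOfRvaAndSizes
    if signed:
        # Data directory 4 = security directory: file offset and size of cert
        struct.pack_into("<II", opt, 112 + 4 * 8, 2048, len(cert))
    sec_hdrs = b""
    for name, raw_off, blob, flags in ((b".text", 512, text, 0x60000020),
                                       (b".data", 1536, data, 0xC0000040)):
        sec_hdrs += struct.pack("<8sIIIIIIHHI", name, len(blob), raw_off,
                                len(blob), raw_off, 0, 0, 0, 0, flags)
    header = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec_hdrs
    header += b"\0" * (512 - len(header))         # pad up to first section
    return header + text + data + cert


def shannon_entropy(chunk: bytes) -> float:
    """Bits per byte: plain code/text sits around 4-6, packed data near 8."""
    if not chunk:
        return 0.0
    n = len(chunk)
    return -sum((c / n) * math.log2(c / n) for c in Counter(chunk).values())


def parse_pe(data: bytes) -> dict:
    """Read header fields, the Authenticode directory entry and per-section
    entropy from raw bytes. Nothing here executes the file."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, ts, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    dir_base = 112 if magic == 0x20B else 96      # PE32+ vs PE32 layout
    _, cert_size = struct.unpack_from("<II", data, opt + dir_base + 4 * 8)
    sections = []
    for i in range(nsections):
        off = opt + opt_size + i * 40
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        _, _, raw_size, raw_ptr = struct.unpack_from("<IIII", data, off + 8)
        chunk = data[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name, "raw_size": raw_size,
                         "entropy": round(shannon_entropy(chunk), 2)})
    return {
        "sha256": hashlib.sha256(data).hexdigest(),   # look this up, don't upload
        "machine": hex(machine),
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).isoformat(),
        "has_authenticode": cert_size > 0,
        "sections": sections,
    }


def triage(data: bytes) -> dict:
    """Attach the findings worth raising before installing or uploading."""
    info = parse_pe(data)
    findings = []
    if not info["has_authenticode"]:
        findings.append("no embedded Authenticode signature; publisher cannot be checked")
    for s in info["sections"]:
        if s["entropy"] > 7.0:
            findings.append(f"section {s['name']} entropy {s['entropy']}: "
                            "packed or encrypted, definition-based AV may miss it")
    info["findings"] = findings
    return info


if __name__ == "__main__":
    # For a real file: triage(open(r"D:\License Activation.exe", "rb").read())
    for label, blob in (("signed", build_sample_pe(packed=False, signed=True)),
                        ("packed", build_sample_pe(packed=True, signed=False))):
        r = triage(blob)
        print(label, r["sha256"][:16], r["timestamp"], r["findings"])
```

      Run it against the DVD file by reading the bytes from disk (the commented-out line in `__main__`); nothing is executed, so it is safe to point at an untrusted executable. A link timestamp far from the product's release date, no certificate table, or a section with entropy near 8.0 are each a reason to ask the vendor before going any further.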
    • #2385967

      Since there’s an ‘activation.exe’ file, in my opinion, the odds of it being ‘pirate’ software is 100%.  20 years ago (hard to believe it’s been that long), I purchased what looked like a genuine copy of Windows 98 from a vendor at a computer show.  Inside the plastic case was a slip of paper indicating the need to execute ‘activate.exe’ on the CD after installing Windows.  I did, and it worked just fine.  Only some time later did I realize it was really a pirate copy and activate.exe simply did whatever was necessary in the registry to make the installation ‘think’ it was activated.  Windows 98 didn’t communicate with Microsoft HQ at every boot up like every version from Windows 7 on up does.  So as long as the installed version was ‘happy’, everything worked fine.

    • #2385971

      Whenever I find a recommendation to install a certain application, or find in my computer one I don’t remember having installed myself (for example, using the “Task Manager” in a Windows PC, or the “Activity Monitor” on a Mac, to watch which software seems particularly active, as well as an Internet-traffic monitoring application that shows which installed applications in my computer are having conversations with something out there, and there is one that I don’t recognize), I look first around the Web for comments on this perhaps suspicious item, using keywords such as “malware”, “virus”, “adware” and similar. To make sure I don’t get information too old to be relevant, I restrict my searches to items from “last year.”

      I would say to do this when possible, in addition to other things already mentioned here.

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV
