Zero Wine

[Cellulose]

http://sourceforge.net/projects/zerowine/

The above is an image I was using within Qemu. However when I am meant to open a browser at http://localhost:8000 to upload the executable, I am not sure what browser I can use since I am unsure what software is included. Any ideas?

Alternatively, are there any other options for checking exe's without much programming knowledge?

Thanks.

 

[n0cmonkey]

I use firefox with zerowine. Not firefox on the image, but the firefox on my linux box running qemu.

Norman and CWSandbox are nice. And expensive.
Anubis might be another alternative. Saw it mentioned somewhere, haven't really checked it out though.

 

[Cellulose]

Ah, I didn't realize that you were meant to use the browser on the machine running qemu - thanks

I'll have a look at those alternatives as well.

 

[n0cmonkey]

Originally posted by: Cellulose
Ah, I didn't realize that you were meant to use the browser on the machine running qemu - thanks

I'll have a look at those alternatives as well.

Documentation for zerowine is pretty lacking (which is common with such a new project). Reading through some of the help messages for it on sourceforge was pretty helpful.

Looking at Anubis it just looks like you can submit your binary to them, not run their software. (http://anubis.iseclab.org/index.php?action=home)

I think CWSandbox supports analyzing PDFs, but it's expensive.

 

[Schadenfroh]

I wrote my senior thesis on detecting malicious software with WINE (although the analysis process likely differs greatly). I was unaware that this even existed. Glad my prospectus predates that project's announcement.