Possible to neutralize payload while letting executable run?

Not sure if I’m using accurate terminology, but I'm trying to learn.

Set up a VM playground (Win10) to run an infected exe file.

It appears to be infected with njrat/Bladabindi.

It won’t launch in a sandbox and causes app misbehavior... probably by design.

It seems the simple choice is to delete the file, but I’m curious what other options there are in situations where the infected file is important.

I want to know if it’s possible to disinfect an executable file back to its virgin state, or to stop identified payloads during launch of the exe?

Touch here for the full post on Network Security Noblemen tumblr
