What is a RAT? for the people who do not know.
The term "RAT" is new, however. Trojans are programs that run in the background and give unauthorized access to your computer. It is up to the person who has Ratted you what do do with your computer, but they have several options once you accidentally install a RAT on your system. RATs are usually executable files you download from the internet. It could be masked as another program or a malicious coder could add one to an application which seems normal.
So without further ado, lets get straight into this tutorial.
I do all of these steps so I recommend that you should do the same. All steps are not required it's just the way I do it to make sure.
Opening an application in sandboxie.
First thing people should be doing is opening the exe you are checking in sandboxie. If the application opens there is a possibility that there is no RAT. But not 100%, there still is a slight possibility that there is a RAT, as i said before a malicious coder could add one to an application which seems completely normal.
1. Download sandboxie if you do not have it already. I recommend to download it You must login or register to view this content.. Just click Download from this site when on the page. You will be downloading a setup so go through the setup, it is easy to do. Here is what the web page will look like You must login or register to view this content., the red box shows where to download from.
2. It is pretty easy to open an application in sandboxie. Just simply right click on the exe and click Run Sandboxed. Make sure Default Box is highlighted on the popup then click OK, it will look like this You must login or register to view this content.. You will need to make sure you have all the dlls in the same location as the exe to run the application. If the application opens there still is a possibility that there is a RAT so don't close the application straight away. If the application does not open and just crashes sandboxie skip to the next part, if not keep reading the next step.
3. If the application opens we will need to check our processes using Task Manager. Open Task Manager and Click on the Performance tab. Where we can click Open Resource Monitor at the bottom of Task Manager. This is where we can see all of the hidden processes along with all of the ones what will normally show. This You must login or register to view this content. shows what It will look like, the red square shows the application I have opened with sandboxie, which is an application I have made myself.
This could be different on other Windows. This is on Windows 10, I am sure you will find the same way on other windows. Next to where the application shows in Task Manager you can normally see the RAT's. They all have different names, they will all stand out like Anonymous Login or Remote Access Login. If that shows you can pretty much stop there, shows that there is a RAT with the application. If nothing shows we will go to the next part for checking for a RAT.
Opening an application using a virtual private server and or a virtual machine.
If you don't know what a VPS is, it stands for virtual private server and is basically a virtual machine sold as a service by an Internet hosting service. Basically just runs its own copy of an operating system.
I know that you guys may not be able to buy this but I recommend 100%, it always helps when checking for remote logins and is very cheap. Some VPS are different when setting up, you can just search them on the internet and use Windows Remote Desktop Connection to connect to your server.
If you guys have one and or decided to get one just simply open the exe on the server and check your processes using Task Manager the same way we did in step 1. Just simply open Task Manager, then click the Peformance tab, then right down the bottom you will see Open Resource Monitor click on that and there is where you can see all processes along with all the hidden ones. This You must login or register to view this content. shows what It will look like, the red square shows the application I have opened with sandboxie which is an application I have made myself.
You can also use a Virtual Machine (VM), which is free, you will just need to do a simple download from You must login or register to view this content..
A VM is an emulation of a particular computer system. Virtual machines operate based on the computer architecture and functions of a real or hypothetical computer, and their implementations may involve specialized hardware, software, or a combination of both. VM and VPS are almost the same.
1. When done the setup you will have a Oracle VM VirtualBox shortcut on your desktop, open it. You will have something like You must login or register to view this content..
2. Click New at the top located You must login or register to view this content.. Name it what ever you want. Select your type, I recommend to use the same software you are on. So I would choose Microsoft Windows. Choose the operating system you wish to install, I will install windows 8.1 for the time being. Click Next.
3. Select your memory your machine is going to have. This depends on how much memory you need. I recommend to use use like 1/4 - 1/2 of your current system. I am going to set it as 3096 for the time being. Keep in mind if this is to high it may cause issues on your hosts machine. Click Next.
4. Now time to create Virtual Hard Disk. Select the the Create a virtual Hard Disk now radiobutton. Go ahead and select Virtual Disk Image (VDI). Click Next.
5. You need to choose Dynamically allocated, it is better to use. Fixed size is highly not recommended. Click Next.
6. Put 20gb for size and click Create. And there we go we now have our very own virtual machine. It should look something along the lines like You must login or register to view this content..
7. There is a couple of things I highly recommend doing. Click settings at the top of virtualbox, found You must login or register to view this content.. It should look like You must login or register to view this content.. Click the advanced tab on the settings popup. On both Shared Clipboard and Drag'n'rop set as Host To Guest and click OK. This allows us to copy files over to the virtual machine.
8. Then you will need to install an operating system just like your computer and you're good to go.
Well that is going to bring this tutorial to an end. I really hope this thread will help you guys out a lot. If I made some sort of mistake somewhere let me know.