MY dad recently received a malware through email and he by mistake clicked on it & it got executed in wine. but nothing happened.
then again i ran the same virus via wine.
here is a log
Code:
:/tmp$ wine my_fotos.exe
wine: Unhandled page fault on write access to 0x0042c188 at address 0x4010c7 (thread 0009), starting debugger...
Unhandled exception: page fault on write access to 0x0042c188 in 32-bit code (0x004010c7).
Register dump:
CS:0073 SS:007b DS:007b ES:007b FS:0033 GS:003b
EIP:004010c7 ESP:0034fb84 EBP:0034fba8 EFLAGS:00010216( - 00 -RIAP1)
EAX:00126500 EBX:00401840 ECX:0042c000 EDX:0042c188
ESI:00400000 EDI:7b898f80
Stack dump:
0x0034fb84: 00008040 00000000 00000000 00000008
0x0034fb94: 00000008 00124500 0042b040 001244f8
0x0034fba4: 0042c000 0034fedc 0040165d 7ee4f860
0x0034fbb4: 7ee34764 0034fc78 7ed8ddba 0000c011
0x0034fbc4: 00000008 00000038 00000000 0034fc78
0x0034fbd4: 7df321fe 1290e909 00000001 00000000
Backtrace:
=>1 0x004010c7 in my_fotos (+0x10c7) (0x0034fba8)
2 0x0040165d in my_fotos (+0x165d) (0x0034fedc)
3 0x00432608 in my_fotos (+0x32608) (0x0034ff08)
4 0x7b874c7e start_process+0xee(arg=0x0) [/build/buildd/wine-0.9.46/dlls/kernel32/process.c:839] in kernel32 (0x0034ffe8)
5 0xb7e599d7 wine_switch_to_stack+0x17() in libwine.so.1 (0x00000000)
0x004010c7: movl %eax,0x0(%edx)
Modules:
Module Address Debug info Name (44 modules)
PE 400000- 458000 Export my_fotos
ELF 7b800000-7b929000 Dwarf kernel32<elf>
\-PE 7b820000-7b929000 \ kernel32
ELF 7bc00000-7bca0000 Deferred ntdll<elf>
\-PE 7bc10000-7bca0000 \ ntdll
ELF 7bf00000-7bf03000 Deferred <wine-loader>
ELF 7d78f000-7d798000 Deferred libxcursor.so.1
ELF 7d7a7000-7d7c4000 Deferred imm32<elf>
\-PE 7d7b0000-7d7c4000 \ imm32
ELF 7d7c4000-7d7ca000 Deferred libxrandr.so.2
ELF 7d7ca000-7d7d2000 Deferred libxrender.so.1
ELF 7d7d5000-7d7da000 Deferred libxfixes.so.3
ELF 7dd8a000-7e89f000 Deferred libglcore.so.1
ELF 7e89f000-7e943000 Deferred libgl.so.1
ELF 7e943000-7e948000 Deferred libxdmcp.so.6
ELF 7e948000-7e94b000 Deferred libxau.so.6
ELF 7e94b000-7ea3c000 Deferred libx11.so.6
ELF 7ea3c000-7ea4a000 Deferred libxext.so.6
ELF 7ea4a000-7ea4f000 Deferred libxxf86vm.so.1
ELF 7ea4f000-7ea67000 Deferred libice.so.6
ELF 7ea67000-7ea6f000 Deferred libsm.so.6
ELF 7ea7e000-7eb09000 Deferred winex11<elf>
\-PE 7ea90000-7eb09000 \ winex11
ELF 7eb89000-7eba9000 Deferred libexpat.so.1
ELF 7eba9000-7ebd4000 Deferred libfontconfig.so.1
ELF 7ebd4000-7ebe9000 Deferred libz.so.1
ELF 7ebe9000-7ec59000 Deferred libfreetype.so.6
ELF 7ec68000-7ecb1000 Deferred advapi32<elf>
\-PE 7ec70000-7ecb1000 \ advapi32
ELF 7ecb1000-7ed4c000 Deferred gdi32<elf>
\-PE 7ecc0000-7ed4c000 \ gdi32
ELF 7ed4c000-7ee8a000 Deferred user32<elf>
\-PE 7ed70000-7ee8a000 \ user32
ELF 7efa9000-7efb4000 Deferred libnss_files.so.2
ELF 7efb4000-7efcc000 Deferred libnsl.so.1
ELF 7efcc000-7eff1000 Deferred libm.so.6
ELF 7eff6000-7f000000 Deferred libnss_nis.so.2
ELF b7cd0000-b7cd2000 Deferred libnvidia-tls.so.1
ELF b7cd2000-b7cdb000 Deferred libnss_compat.so.2
ELF b7cdc000-b7ce0000 Deferred libdl.so.2
ELF b7ce0000-b7e2a000 Deferred libc.so.6
ELF b7e2b000-b7e43000 Deferred libpthread.so.0
ELF b7e52000-b7f66000 Dwarf libwine.so.1
ELF b7f68000-b7f84000 Deferred ld-linux.so.2
Threads:
process tid prio (all id:s are in hex)
00000008 (D) Z:\tmp\my_fotos.exe
00000009 0 <==
gaurish@gaurish-desktop:/tmp$
Now is my wine install effected?
What happends when a Malware is executed in wine
Linear Mode
