Basic Malware Analysis And Removal Part 2: Shared Folders

Posted 5/10/2010 8:04:04 PM

This is the second post in the "Basic Malware Analysis And Removal" series. Click here to view the first post: Setting up a Virtual Environment.

In our first post we covered the basics of setting up a VirtualBox Virtual Machine with snapshots configured to remove the need to reformat the computer every time you want to undo a change. In this next post I'll go over the basics of setting up a "Shared Folder" so that you can share files between your physical computer and the Guest Virtual Machine.

Prerequisites: I am expecting you to have a Windows (XP, Vista, or 7) Virtual Machine set up in VirtualBox with the Guest Additions software installed. If you do not have any of these, please visit my last post to learn how to set everything up.

Step 1: Create the folder to share

In order to share files between your real and virtual computers, you first have to decide where these files will be stored. Simply select or create a folder anywhere on your physical machine and remember where it is. In this example, I'm using a folder called "Shared" that I have on my desktop.

Step 2: Create the Shared Folder in VirtualBox

Now you need to start up VirtualBox and boot your Virtual Machine. Once you have done this, go to the "Devices" menu and select "Shared Folders." You should get the following window:

Shared Folder Dialog

Click on the Folder Icon on the right (the one with the plus sign on it). The "Add Share" window will open. You will have to enter a Folder Path (the folder we created or selected earlier) and a name for the Shared Folder. Click the dropdown box for the Folder Path and click "Other." Navigate to your folder and press "OK." Now enter a name for the shared folder. I called mine "Shared," the same as the folder name.

You now have two options. The first is to make the shared folder "Read-Only." This is important if you do not want the virtual machine to have the ability to change the files in the shared folder, only read or access them. The second option is "Make Permanent." This choice is useful if you do not want to have to set up this shared folder every time you boot the Virtual Machine. Note that if you set up the shared folder and then roll back to a previous snapshot, the shared folder will disappear as well. Take another snapshot after you create the shared folder to ensure you do not have to set up the folder every time you restore.

Your window should look something like this:

Shared Folder Options

Once you have selected your options, go ahead and click the "OK" button. This will create the Shared Folder. To access your shared folder from your physical machine, simply navigate to the folder and manipulate the files as you wish. From within the virtual machine, I recommend mounting the Shared Folder as a network drive.

Step 3: Access the Shared Folder from within your Virtual Machine

VirtualBox simply makes your shared folder look like a Network Share in Windows. Accessing it is the same as accessing any other shared network resource. The server name is "vboxsrv" and the share name is the name you selected when you set up the Shared Folder. For my example, I would access the folder by going to the "Run" command (or the start menu on Vista and 7) and typing in "\\vboxsrv\Shared" (without the quotes) as shown here:

Run Command

This will open up the shared folder. If you selected the "Read-Only" option, you will not be able to change the files or create new ones. Otherwise, your virtual machine will have access to this folder and anything you put into it will be available on both your physical and your virtual machine.

To make this process easier, I recommend mapping the shared folder as a network drive. You can do this by opening up Explorer (click on "My Computer") and going to the Tools menu (in Vista and 7, press the "Alt" key on your keyboard to show the menus in Explorer; it's a nifty trick). From the Tools menu, select "Map Network Drive" as shown below:

Map Network Drive in Explorer

Select any drive letter you want and type in the same path we used earlier to get to your folder. Remember that the server is "vboxsrv" and the share name is the name you selected. I recommend using the "Reconnect at Logon" option (it's checked by default) so you will not have to do these steps each time you log in to your virtual machine. My settings are shown below:

Map Network Drive Options

Click Next, and if all goes well you will have a new Network Drive in My Computer:

My Computer with the Network Drive

This drive is the same as accessing your folder directly, and it is very useful for exchanging files between real and virtual machines.
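The mapping from Step 3 can also be done from a command prompt inside the guest, together with a check of whether the "Read-Only" option from Step 2 is actually in effect. This batch script is an added example, not part of the original post; it assumes the share name "Shared" used above, that drive letter Z: is free, and an arbitrary probe file name.

```batch
@echo off
rem Added example: map the VirtualBox share and report whether this guest can write to it.
rem Assumptions: share name "Shared", drive letter Z: is free, probe file name is arbitrary.
setlocal
set "SHARE=\\vboxsrv\Shared"
set "DRIVE=Z:"
set "PROBE=%DRIVE%\vbox_write_probe_%RANDOM%.tmp"

rem Map the share only if the drive letter is not already mapped.
rem /persistent:yes is the command-line form of "Reconnect at Logon".
if not exist %DRIVE%\ (
    net use %DRIVE% %SHARE% /persistent:yes
    if errorlevel 1 (
        echo Could not map %SHARE%. Check Guest Additions and the share name.
        exit /b 2
    )
)

rem Try to create a probe file on the share.
rem On a share created with "Read-Only" checked, the write is refused.
2>nul >"%PROBE%" echo probe

rem Decide by whether the probe file exists, then clean it up.
if exist "%PROBE%" (
    del "%PROBE%"
    echo %SHARE% is WRITABLE from this guest.
    exit /b 1
) else (
    echo %SHARE% is read-only from this guest.
    exit /b 0
)
```

Run it in the guest after creating the share; exit code 0 means the guest could not write to the host folder, 1 means it could, and 2 means the share could not be mapped.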

Conclusion

We have covered how to set up a Shared Folder to share files between your host computer and your virtual machine. This can be useful when doing our malware analysis as we can transfer scan results and other files from one machine to another without compromising the security of either machine. Stay tuned for more articles in this series coming soon!

-Ryan
