Basic Malware Analysis And Removal Part 2: Shared Folders
Posted 5/10/2010 8:04:04 PM
This is the second post in the "Basic Malware Analysis And
Removal" series. Click Here to view the first post: Setting up a
Virtual Environment In our first post we covered the basics of
setting up a VirtualBox Virtual Machine with snapshots configured
to remove the need to reformat the computer every time you want to
undo a change. In this next post I'll go over the basics of setting
up a "Shared Folder" so that you can share files between your
physical computer and the Guest Virtual Machine.
Prerequisites: I am expecting you to have a Windows (XP,
Vista, or 7) Virtual Machine setup in VirtualBox with the Guest
Additions software installed. If you do not have any of these,
please visit my last post to learn how to set everything up.
Step 1: Create the folder to share
In order to share files between your real and virtual computers,
you first have to decide where these files will be stored. Simply
select or create a folder anywhere on your physical machine and
remember where it is. In this example, I'm using a folder called
"Shared" that I have on my desktop.
Step 2: Create the Shared Folder in VirtualBox
Now you need to start up VirtualBox and boot your Virtual Machine.
Once you have done this, go to the "Devices" menu and select
"Shared Folders." You should get the following window:
Click on the Folder Icon on the right (the one with the plus sign
on it). The "Add Share" window will open. You will have to enter a
Folder Path (from what we created or selected earlier) and a name
for the Shared Folder. Click the dropdown box for the Folder Path
and click "Other." Navigate to your folder and press "OK." Now
enter a name for the shared folder. I called mine "Shared," the
same as the folder name. You now have two options. The first is to
make the shared folder "Read-Only." This is important if you do not
want the virtual machine to have the ability to change the files in
the shared folder, only read or access them. The second option is
"Make Permanent." This choice is useful if you do not want to have
to set up this shared folder every time you boot the Virtual
Machine (note if you set up the shared folder and then roll back to
a previous snapshot, the stored folder will disappear as well. Set
up another snapshot after you create the shared folder to ensure
you do not have to setup the folder every time you restore). Your
window should look something like this:
Once you have selected your options, go ahead and click the "OK"
button. This will create the Shared Folder. To access your shared
folder from your physical machine, simply navigate to the folder
and manipulate the files as you wish. From within the virtual
machine, I recommend mounting the Shared Folder as a network drive.
Step 3: Access the Shared Folder from within your Virtual
VirtualBox simply makes your shared folder look like a Network
Share in Windows. Accessing it is the same as accessing any other
shared network resource. The server name is "vboxsrv" and the share
name is the name you selected when you set up the Shared Folder.
For my example, I would access the folder by going to the "Run"
command (or the start menu on Vista and 7) and typing in
"\\vboxsrv\Shared" (without the quotes) as shown here:
This will open up the shared folder. If you selected the
"Read-Only" option, you will not be able to change the files or
create new ones. Otherwise, your virtual machine will have access
to this folder and anything you put into it will be available on
both your physical and your virtual machine. To make this process
easier, I recommend mapping the shared folder as a network drive.
You can do this by opening up Explorer (Clicking on "My Computer")
and going to the tools menu (in Vista and 7, click the "Alt" key on
your keyboard to show the menus in explorer, it's a nifty trick).
From the tools menu, select "Map Network Drive" as shown
Select any drive letter you want and type in the same path we used
earlier to get to your folder. Remember that the server is
"vboxsrv" and the share name is the name you selected. I recommend
using the "Reconnect at Logon" option (it's checked by default) so
you will not have to do these steps each time you login to your
virtual machine. My settings are shown below:
Click Next, and if all goes well you will have a new Network Drive
in My computer:
This drive is the same as accessing your folder directly, and it is
very useful for exchanging files between real and virtual machines.
We have covered how to setup a Shared Folder to share files between
your host computer and your virtual machine. This can be useful
when doing our malware analysis as we can transfer scan results and
other files from one machine to another without compromising the
security of either machine. Stay tuned for more articles in this
series coming soon!