Shulou(Shulou.com)06/02 Report--

This article will explain in detail how to use OAlabs-VM installer to install and configure a FREE Windows 7 VM. The editor thinks it is very practical, so I share it with you for reference. I hope you can get something after reading this article.

Install Virtual Box

Here I will use VirtualBox, a free and open source virtual machine software. In order to make it easier for you to study, I suggest you also use VirtualBox. Of course, if you are used to using VM, then there is no problem.

First, let's download and install VirtualBox: https://www.virtualbox.org/wiki/Downloads.

Install FREE Windows 7 VM

The main purpose of OALabs-VM installer is to run on FREE VM provided by Microsoft for testing Edge Web browsers. Although we only tested it on free VM, the installer can support running on any 32-bit Windows 7 VM. Here we choose to use 32bit Windows 7, which makes it easier for us to debug (most windows malware is 32-bit).

The free Microsoft VM license is valid for 90 days. We can create snapshots during installation and restore snapshots after expiration, so that we can use them indefinitely.

Navigate to the Microsoft VM download page: https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/ and select the following VM configuration from the drop-down menu:

IE11 on Win7 (x86)

VirtualBox

Download the .zip file and extract it to your host. The zip folder should contain .ova files.

Next, we open VirtualBox and select File- > Import Appliance. Select the path to the .ova file we just extracted and click Continue. Then, the system will ask you to select appliance settings, it is recommended that you set the number of CPU to 2, and the rest can be set by default.

Finally, click "Import" to import VM. We may have to wait for a while here.

After the VM is successfully imported, before starting, let's create a snapshot backup. We can name the backup Clean Install.

After the creation is completed, we start VM and register the license as follows:

Start VM

Ignore any prompts to restart VM and select "Restart Later"

Write down the user name and password

Usually IEUser:Passw0rd!

Open cmd.exe and enter slmgr / ato to activate the 90-day license

Wait for the confirmation pop-up window to be activated and close it

PRO-TIP: if you want to use the clipboard to copy text between the host and VM, you can enable this feature in Settings- > Advanced- > Shared Clipboard. But it's important to remind you that if the malware you analyze in VM can steal data from the clipboard, be sure to disable this feature.

Install OALabs-VM tools

It takes three simple steps to install the OALabs-VM tool. First, open Internet Explorer in VM and browse to OALabs Boxstarter gist: https://gist.github.com/OALabs/cad8d9489245f3f96d9669f56d2877f. The gist contains a Powershell script that starts the installer process. Click the Raw button in the github interface, and then select File- > Save As..., in Internet Explorer to download the script as a text file.

Make sure that the script file is saved to the desktop in .txt format and close Internet Explorer.

Locate the saved file and change the file extension to .ps1. Then right-click the file and select Run with PowerShell. This will start installer.

The installation process may take some time because it requires multiple packages to be downloaded. VM may automatically restart multiple times during installation. Some packages may also pop up the query box, we just need to click OK with the default settings. After the installation is complete, the script will prompt you to click Enter to complete the installation and close the PowerShell window.

After PRO-TIP:OALabs-VM installation is complete, you should create another snapshot backup and name it Clean With Tools.

Overview of OALabs tools

OALabs-VM installer will only install a few tools for us to use in the tutorial. But the installer also installs the Chocolatey package manager for us, so you can easily install other software from the Chocolatey software library. Here are some basic introductions to the OALabs-VM tool.

Checksum

Checksum is a command-line tool that can be used to display the checksum hash of a file. For example, checksum-t sha256 will show us the SHA256 hash of the file.

7zip

7-Zip is a completely free and open source compression software that has a higher compression ratio than other software but consumes more resources at the same time. The utility is installed in% programfiles%\ 7zip of VM and can be accessed from the start menu. For more details, see the 7zip website.

Process Explorer

Process explorer is a Windows system and application monitoring tool. Malware often uses the system process name to muddle through, so to judge whether the process is dangerous can not only look at the process name, but also trace the user name, path, command line and parameters. The system's built-in Task Manager cannot view detailed information, which can be done with the help of Process Explorer. For more details, see the Process Explorer website.

Resource Hacker

Resource Hacker is a free resource replacement tool to view, modify, add, delete and rename, extract Windows executables and resource files. For more details, see the Resource Hacker website.

HxD

HxD is a carefully designed fast hexadecimal editor. It also provides direct disk editing, memory modification, and processing of files of any size. Easy-to-use user interface, providing find, replace, export, checksum, byte data insertion, file shredding, split and merge files, statistical data distribution and other functions. For more details, see the HxD website.

Sublime Text 3

Sublime Text is a code editor and an advanced text editor for HTML and prose. For more details, see the Sublime Text website.

Google Chrome

There is no need to introduce this. I use it every day.

PEBear

PEBear is a PE viewer and editor developed by Hasherezade. You can access it in the start menu or dock it to the taskbar. For more details, see hasherezade's post on PEBear.

LordPE

Is a powerful PE file analysis, modification, shelling software. LordPE is the preferred tool for viewing file information in PE format, and you can modify the information. For instructions on how to use it, see LordPE's aldeid wiki post.

X64dbg (x32dbg)

X64dbg Chinese version is a powerful 64-bit system debugging tool, its main purpose is to help users manage their own system component parameters, support function operation program, you can load commands that need to be debugged from the function area of the computer line, it is convenient for you to use preset functions to quickly debug the corresponding strings, and at the same time you can quickly search for strings that you do not know where to save. You can access it in the start menu or dock it to the taskbar. For more details, see the x64dbg website.

Python2

The python we installed is standard 2.7and the environment variable has been set, so it can be used directly from the command line. In addition, we have installed the pip python package manager.

Strings.py

Strings.py is a python-based custom string tool written by Willi Ballenthin. The source code of the file can be obtained here.

Documentation tool

In addition, the following document analysis tools are installed.

Oletools

Offvis

Officemalscanner

Pdfid

Pdfparser

Pdfstreamdumper

Install FREE IDA Disassembler (x64)

As mentioned above, we have configured OALabs-VM installer to work with Windows 7 32bit VM. But the bad news is that the free version of the IDA disassembler only supports running on 64-bit Windows. This means that we have to configure a separate VM. Let's download the second FREE VM: https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/ from Microsoft again. This time we choose Windows 10 64bit VM.

Follow the same steps as FREE Windows 7 VM to import and configure Windows 10 64bit VM. Download and install the IDA disassembler: https://www.hex-rays.com/products/ida/support/download_freeware.shtml.

Install all the tools using FLARE-VM!

If you feel that the OAlabs-VM installer installation is still missing some of your favorite tools, you can use FLARE-VM install to install a larger set of analysis tools. There is also an excellent video tutorial from RingZeroLabs that will guide you through the installation of FREE Windows VM and FLARE-VM.

This is the end of this article on "how to install and configure a FREE Windows 7 VM using OAlabs-VM installer". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, please share it out for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.