This post is going to be a deviation from my usual topics; I’m in the midst of stepping through the Practical Malware Analysis book cover-to-cover and found one of the earliest steps – setting up your environment – to be laborious enough to warrant some documentation.
This will be a step-by-step for how I got my “victim” Windows XP machine running. Note: these instructions assume that you already have VirtualBox installed.
Through Google and other searches, I found an archived copy of Windows XP stored here. We’ll be downloading the *.ISO file. Note the Serial key that’s listed:
Within VirtualBox, select the Machine dropdown menu and click New. Give the new VM an arbitrary (but recognizable) name and select the following values:
For now, I left all the default settings for the box; much of what’s allocated can be altered later.
After the VM is instantiated, we’ll mount the ISO file by:
- Selecting our VM and clicking the Settings button
- Clicking on the Storage menu
- Selecting the “Empty” storage device
- Clicking on the blue Disc icon dropdown menu and choosing “Choose a disc file”
- Selecting our ISO image
Afterwards, you’ll also want to ensure your NAT network is configured appropriately (in order to download other tools to the machine). Specifically, we want to ensure that your Adapter Type is Intel PRO/1000 T Server (82543GC). Per the documentation:
Windows XP recognizes this adapter without installing additional drivers.
After configuring everything in the previous step, Start the VM.
For the most part, we can just go with the default options that appear in the course of installation. Eventually, we’ll arrive at a screen that looks like this:
At this juncture, we want to enter the Serial Key that we noted back in step 1.
On the very next screen, enter in an appropriate Administrator password:
After this, continue with all of the default installation options (skipping over anything requiring you to register or check for updates; Windows XP is very, very old) until you arrive at this screen:
On this screen, we just need to register the username for our account. In this case, I’ve gone with “admin”.
The version of Internet Explorer that ships with Windows XP is so old that it can’t really browse the modern internet with TLS/SSL. To that end, we’re first going to install VirtualBox’s guest tools by selecting the Devices dropdown menu, then Insert Guest Additions CD. Navigating to My Computer will then show the tools ready to be run as VirtualBox Guest Additions:
Double click the tools to install them. Occasionally, we may come across error messages like this:
Just ignore the message and click “Continue Anyway”. This is likely to pop up several times until installation is complete. Upon finishing, click “Finish” and allow the VM to reboot.
Having installed the tools, we’re now going to create a shared folder which we’ll use to pass content from our host machine to the Windows XP VM.
Navigating to My Computer should show the mapped folder as a Network Drive:
On our host machine, we’re going to go to this URL:
and download the installer executable.
We’ll move the executable to our shared folder and run it from the mapped drive in our Windows XP VM:
Perform all of the default installation steps, and you’ll now have a VM with internet connectivity and a web browser!
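The host-side VirtualBox settings from the steps above (new VM, mounted ISO, NAT with the 82543GC adapter, shared folder) can also be scripted with `VBoxManage`. This is an added example, not part of the original walkthrough; the VM name, paths, memory and disk sizes, the `WindowsXP` OS type and the read-only share are assumptions.

```shell
#!/bin/sh
# Added example: scripts the GUI steps from this post with VBoxManage.
# Assumed values (not from the post): VM name, file paths, 512 MB RAM,
# 10 GB disk, OS type "WindowsXP", and a read-only shared folder.
VM="${VM:-xp-victim}"
ISO="${ISO:-$HOME/Downloads/winxp.iso}"
SHARE="${SHARE:-$HOME/xp-share}"
DISK="${DISK:-$HOME/VirtualBox VMs/$VM/$VM.vdi}"

# With DRY_RUN=1 (the default) commands are only printed so they can be
# reviewed first; set DRY_RUN=0 to actually run VBoxManage.
vbox() {
  if [ "${DRY_RUN:-1}" = "1" ]; then
    echo "VBoxManage $*"
  else
    VBoxManage "$@"
  fi
}

build_vm() {
  # Create and register the VM.
  vbox createvm --name "$VM" --ostype WindowsXP --register &&
  # NAT networking with the adapter XP recognizes without extra drivers.
  vbox modifyvm "$VM" --memory 512 --nic1 nat --nictype1 82543GC &&
  # IDE controller carrying the virtual hard disk and the install ISO.
  vbox storagectl "$VM" --name IDE --add ide &&
  vbox createmedium disk --filename "$DISK" --size 10240 &&
  vbox storageattach "$VM" --storagectl IDE --port 0 --device 0 \
       --type hdd --medium "$DISK" &&
  vbox storageattach "$VM" --storagectl IDE --port 1 --device 0 \
       --type dvddrive --medium "$ISO" &&
  # Shared folder for passing files from the host to the guest. It only
  # appears as a mapped drive once Guest Additions are installed.
  # --readonly is an added choice: content only flows host to guest here.
  vbox sharedfolder add "$VM" --name share --hostpath "$SHARE" \
       --automount --readonly
}

build_vm
```

Run it once as-is to review the printed commands, then again with `DRY_RUN=0` to apply them.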