What happens when malware is executed in Wine

Status
Not open for further replies.

gary4gar

GaurishSharma.com
My dad recently received malware through email, and he clicked on it by mistake; it got executed in Wine, but nothing happened.

Then I ran the same virus again via Wine.
Here is the log:
Code:
:/tmp$ wine my_fotos.exe 
wine: Unhandled page fault on write access to 0x0042c188 at address 0x4010c7 (thread 0009), starting debugger...
Unhandled exception: page fault on write access to 0x0042c188 in 32-bit code (0x004010c7).
Register dump:
 CS:0073 SS:007b DS:007b ES:007b FS:0033 GS:003b
 EIP:004010c7 ESP:0034fb84 EBP:0034fba8 EFLAGS:00010216(   - 00      -RIAP1)
 EAX:00126500 EBX:00401840 ECX:0042c000 EDX:0042c188
 ESI:00400000 EDI:7b898f80
Stack dump:
0x0034fb84:  00008040 00000000 00000000 00000008
0x0034fb94:  00000008 00124500 0042b040 001244f8
0x0034fba4:  0042c000 0034fedc 0040165d 7ee4f860
0x0034fbb4:  7ee34764 0034fc78 7ed8ddba 0000c011
0x0034fbc4:  00000008 00000038 00000000 0034fc78
0x0034fbd4:  7df321fe 1290e909 00000001 00000000
Backtrace:
=>1 0x004010c7 in my_fotos (+0x10c7) (0x0034fba8)
  2 0x0040165d in my_fotos (+0x165d) (0x0034fedc)
  3 0x00432608 in my_fotos (+0x32608) (0x0034ff08)
  4 0x7b874c7e start_process+0xee(arg=0x0) [/build/buildd/wine-0.9.46/dlls/kernel32/process.c:839] in kernel32 (0x0034ffe8)
  5 0xb7e599d7 wine_switch_to_stack+0x17() in libwine.so.1 (0x00000000)
0x004010c7: movl        %eax,0x0(%edx)
Modules:
Module  Address                 Debug info      Name (44 modules)
PE        400000-  458000       Export          my_fotos
ELF     7b800000-7b929000       Dwarf           kernel32<elf>
  \-PE  7b820000-7b929000       \               kernel32
ELF     7bc00000-7bca0000       Deferred        ntdll<elf>
  \-PE  7bc10000-7bca0000       \               ntdll
ELF     7bf00000-7bf03000       Deferred        <wine-loader>
ELF     7d78f000-7d798000       Deferred        libxcursor.so.1
ELF     7d7a7000-7d7c4000       Deferred        imm32<elf>
  \-PE  7d7b0000-7d7c4000       \               imm32
ELF     7d7c4000-7d7ca000       Deferred        libxrandr.so.2
ELF     7d7ca000-7d7d2000       Deferred        libxrender.so.1
ELF     7d7d5000-7d7da000       Deferred        libxfixes.so.3
ELF     7dd8a000-7e89f000       Deferred        libglcore.so.1
ELF     7e89f000-7e943000       Deferred        libgl.so.1
ELF     7e943000-7e948000       Deferred        libxdmcp.so.6
ELF     7e948000-7e94b000       Deferred        libxau.so.6
ELF     7e94b000-7ea3c000       Deferred        libx11.so.6
ELF     7ea3c000-7ea4a000       Deferred        libxext.so.6
ELF     7ea4a000-7ea4f000       Deferred        libxxf86vm.so.1
ELF     7ea4f000-7ea67000       Deferred        libice.so.6
ELF     7ea67000-7ea6f000       Deferred        libsm.so.6
ELF     7ea7e000-7eb09000       Deferred        winex11<elf>
  \-PE  7ea90000-7eb09000       \               winex11
ELF     7eb89000-7eba9000       Deferred        libexpat.so.1
ELF     7eba9000-7ebd4000       Deferred        libfontconfig.so.1
ELF     7ebd4000-7ebe9000       Deferred        libz.so.1
ELF     7ebe9000-7ec59000       Deferred        libfreetype.so.6
ELF     7ec68000-7ecb1000       Deferred        advapi32<elf>
  \-PE  7ec70000-7ecb1000       \               advapi32
ELF     7ecb1000-7ed4c000       Deferred        gdi32<elf>
  \-PE  7ecc0000-7ed4c000       \               gdi32
ELF     7ed4c000-7ee8a000       Deferred        user32<elf>
  \-PE  7ed70000-7ee8a000       \               user32
ELF     7efa9000-7efb4000       Deferred        libnss_files.so.2
ELF     7efb4000-7efcc000       Deferred        libnsl.so.1
ELF     7efcc000-7eff1000       Deferred        libm.so.6
ELF     7eff6000-7f000000       Deferred        libnss_nis.so.2
ELF     b7cd0000-b7cd2000       Deferred        libnvidia-tls.so.1
ELF     b7cd2000-b7cdb000       Deferred        libnss_compat.so.2
ELF     b7cdc000-b7ce0000       Deferred        libdl.so.2
ELF     b7ce0000-b7e2a000       Deferred        libc.so.6
ELF     b7e2b000-b7e43000       Deferred        libpthread.so.0
ELF     b7e52000-b7f66000       Dwarf           libwine.so.1
ELF     b7f68000-b7f84000       Deferred        ld-linux.so.2
Threads:
process  tid      prio (all id:s are in hex)
00000008 (D) Z:\tmp\my_fotos.exe
        00000009    0 <==
gaurish@gaurish-desktop:/tmp$

Now, is my Wine install affected?
 

anarchist

Guest
There was a similar topic:
What would happen if you ran a windows virus using Wine?
*ubuntuforums.org/showthread.php?t=72598
 

QwertyManiac

Commander in Chief
You can try a Clamscan scan to detect if it got infected.

Gimme part of the output of your ls ~/.local/share/mime though :p
 
gary4gar (OP)

GaurishSharma.com
Code:
gaurish@gaurish-desktop:~$ ls ~/.local/share/mime
aliases      audio  image  mime.cache  subclasses  XMLnamespaces
application  globs  magic  packages    video

My bandwidth limit for today is over, so I will install Clamscan during NU.
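As an added example (not from any poster in this thread): a POSIX shell script that checks the two places where Wine's winemenubuilder writes file associations outside the prefix, which is what the `ls ~/.local/share/mime` request above was looking at, and runs clamscan over the prefix when it is installed. The sample directory tree it builds is constructed for the demo; the prefix path and the `.abc` extension are placeholders.

```shell
#!/bin/sh
# Added example. When a Windows binary runs under Wine, the prefix itself
# (~/.wine by default) is the main place it can write, but winemenubuilder
# also exports file associations the program registers into the XDG data
# dir as x-wine-extension-<ext>.xml and wine-extension-<ext>.desktop.
# Counting those entries is a cheap check for persistence outside the prefix.

# Count Wine-generated MIME packages and .desktop handlers under one XDG
# data directory (normally ~/.local/share). Prints the count.
count_wine_assoc() {
    datadir="$1"
    n=0
    for f in "$datadir"/mime/packages/x-wine-extension-*.xml \
             "$datadir"/applications/wine-extension-*.desktop; do
        # A non-matching glob stays literal, so test that the path exists.
        if [ -e "$f" ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Scan a Wine prefix recursively with clamscan, listing only infected files.
# Prints "skipped" when clamscan is not installed on this machine.
scan_prefix() {
    prefix="$1"
    if command -v clamscan >/dev/null 2>&1; then
        clamscan -r --infected "$prefix"
    else
        echo "skipped"
    fi
}

# Constructed sample: a data dir laid out as winemenubuilder would leave it
# after a program registered a handler for the (placeholder) .abc extension.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/mime/packages" "$tmp/applications"
    : > "$tmp/mime/packages/x-wine-extension-abc.xml"
    : > "$tmp/applications/wine-extension-abc.desktop"
    count_wine_assoc "$tmp"          # prints 2 for this sample tree
    rm -rf "$tmp"
}

# Real-world use: count_wine_assoc "$HOME/.local/share"; scan_prefix "$HOME/.wine"
```

A non-zero count only tells you that some program run under Wine registered a file type; inspect the named entries to see which binary they point at.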
 