Don't even run untrusted executables in a virtual machine! There have been several ways of breaking out of one, and there certainly will be more!

Why in the name of Satoshi would you run it at all?

You decompile untrusted executables, you don't run them.

Apparently the wallet stealer was some sort of super simple interpreted code this time and would only look for wallet.dat and upload it to the thieves this time, but next time it could very be much more advanced malware. Do not take stupid risks.