VirtualBox has been used for virtualisation, except in cases where VMware was required to complete the questions (Chapter 17). In this instance a single Windows XP VM was used through VMware Workstation instead.

This details analysis undertaken and answers to the lab questions in Chapter 1.

This lab uses the files Lab01-01.exe and Lab01-01.dll. Use the tools and techniques described in the chapter to gain information about the files and answer the questions below.

Question 1
Upload the files to and view the reports. Does either file match any existing antivirus signatures?

Answer 1
Using the Malcode Analyst Pack we are able to perform this by simply right clicking the files and selecting VirusTotal. At the time of writing both matched existing antivirus signatures:

Answer 2
Using PEview we are able to view this information. The information is found under: IMAGE_NT_HEADERS > IMAGE_FILE_HEADER > Time Date Stamp

Lab01-01.exe compile time - Sunday 16:16:19 UTC
Lab01-01.dll compile time - Sunday 16:16:38 UTC

Question 3
Are there any indications that either of these files is packed or obfuscated? If so, what are these indicators?

Answer 3
No, there are no indicators that these files are packed or obfuscated, due to the following:
Using PEiD we can identify them as being compiled with Microsoft Visual C++ 6.0.
Using PEview we can see the virtual size is close to the raw size of the files.
Using the Malcode Analyst Pack we can view "strings" and see there are plenty of them.

Question 4
Do any imports hint at what this malware does? If so, which imports are they?

Answer 4
Analysing Lab01-01.exe through Dependency Walker highlighted a number of interesting functions imported from KERNEL32.DLL, these were:

Based on this we can infer that files would likely be searched for on the file system and files would be copied.

Analysing Lab01-01.dll through Dependency Walker highlighted functions imported from KERNEL32.DLL, these were:

Based on this we can infer that the DLL would likely spawn a new process and sleep (pause execution) at some stage.
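The checks behind Answers 2 and 3 (the TimeDateStamp in IMAGE_FILE_HEADER, each section's virtual size against its raw size, and a strings count) as an added Python example that is not part of this write-up: it reads the headers with struct only, runs on a constructed minimal PE header blob rather than the lab files, and the 2x size ratio used to flag a section is an assumed heuristic, not a threshold from the chapter.

```python
import re
import struct
from datetime import datetime, timezone

def parse_pe(data: bytes):
    """Return (compile timestamp, [(section name, VirtualSize, SizeOfRawData)])."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4  # IMAGE_FILE_HEADER follows the 4-byte signature
    _machine, nsec, tstamp, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, fh)
    sec = fh + 20 + opt_size  # first IMAGE_SECTION_HEADER; each one is 40 bytes
    sections = []
    for i in range(nsec):
        name, vsize, _vaddr, rawsize = struct.unpack_from("<8sIII", data, sec + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rawsize))
    return datetime.fromtimestamp(tstamp, tz=timezone.utc), sections

def packing_indicators(sections, ratio=2.0):
    """Assumed heuristic: a section whose VirtualSize is far larger than its SizeOfRawData
    is empty space on disk that an unpacking stub fills at runtime."""
    return [name for name, vsize, rawsize in sections if vsize > ratio * max(rawsize, 1)]

def count_strings(data: bytes, min_len=4):
    """Count printable ASCII runs the way a strings tool does; packed files show very few."""
    return len(re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data))

def build_sample(tstamp, sections, opt_size=224):
    """Construct a minimal PE header blob for the demo; this is not a real executable."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    fh = struct.pack("<HHIIIHH", 0x14C, len(sections), tstamp, 0, 0, opt_size, 0x102)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n, v, 0x1000 * (i + 1), r, 0, 0, 0, 0, 0, 0x60000020)
                    for i, (n, v, r) in enumerate(sections))
    return dos + b"PE\0\0" + fh + b"\0" * opt_size + hdrs

# Constructed samples; the timestamp is an arbitrary Sunday 16:16:19 UTC, not the lab file's value.
UNPACKED = build_sample(1262535379, [(b".text", 0x2F00, 0x3000), (b".data", 0x0800, 0x1000)])
PACKED = build_sample(1262535379, [(b"UPX0", 0x10000, 0), (b"UPX1", 0x3000, 0x2E00)])

if __name__ == "__main__":
    for label, blob in (("unpacked", UNPACKED), ("packed", PACKED)):
        ts, secs = parse_pe(blob)
        print(label, ts.strftime("%A %Y-%m-%d %H:%M:%S UTC"), secs)
        print("  suspicious sections:", packing_indicators(secs), "strings:", count_strings(blob))
```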