Lab 1-3 | Practical Malware Analysis

1. Upload the Lab01-03.exe file to http://www.VirusTotal.com/. Does it match any existing antivirus definitions?


2. Are there any indications that this file is packed or obfuscated? If so, what are these indicators? If the file is packed, unpack it if possible.

I am quite confident this sample is packed. So much of the data we previously had is missing; also check our Virtual size vs Raw Data size: there's no Raw Data size at all.
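One way to check the Virtual size vs Raw Data size indicator programmatically, as an added example that is not part of the original post or the book's material: it parses the PE section table with only the standard library and runs on a constructed minimal PE header (not Lab01-03.exe) with one section that has no raw data.

```python
"""Flag PE sections whose size in memory far exceeds their size on disk."""
import struct

# IMAGE_SECTION_HEADER (40 bytes): Name, VirtualSize, VirtualAddress,
# SizeOfRawData, PointerToRawData, 2 reloc/lineno pointers, 2 counts, Characteristics
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")

def parse_sections(data: bytes):
    """Return [(name, virtual_size, raw_size), ...] from a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # IMAGE_FILE_HEADER: only NumberOfSections and SizeOfOptionalHeader matter here
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    off = e_lfanew + 4 + 20 + opt_size  # section table follows the optional header
    sections = []
    for _ in range(nsec):
        name, vsize, _va, rawsize, *_rest = SECTION_HDR.unpack_from(data, off)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rawsize))
        off += SECTION_HDR.size
    return sections

def packed_sections(sections, ratio=2.0):
    """Sections with no raw data, or far more virtual than raw size: typical of a
    packer that reserves room to write the unpacked code into at run time."""
    flagged = []
    for name, vsize, rawsize in sections:
        if rawsize == 0 and vsize > 0:
            flagged.append((name, "no raw data"))
        elif vsize > rawsize * ratio:
            flagged.append((name, f"virtual {vsize} vs raw {rawsize}"))
    return flagged

def build_sample():
    """Constructed minimal PE header (not Lab01-03.exe) with one empty section."""
    hdrs = [  # (name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData)
        (b".text", 0x9000, 0x1000, 0, 0x400),
        (b".data", 0x5000, 0xA000, 0x4E00, 0x400),
        (b".rsrc", 0x1000, 0xF000, 0x1000, 0x5200),
    ]
    opt = b"\0" * 224  # PE32 optional header; its contents are irrelevant here
    coff = struct.pack("<HHIIIHH", 0x14C, len(hdrs), 0, 0, 0, len(opt), 0x102)
    body = b"PE\0\0" + coff + opt
    for name, vs, va, rs, ptr in hdrs:
        body += SECTION_HDR.pack(name, vs, va, rs, ptr, 0, 0, 0, 0, 0xE0000040)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew at 0x3C -> 64
    return dos + body
```

Run `packed_sections(parse_sections(open(path, "rb").read()))` on a real sample; a section reported as "no raw data" is the same indicator PEview shows as an empty Raw Data size column.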


3. Do any imports hint at this program’s functionality? If so, which imports are they and what do they tell you?

I will admit I was kind of lost here, but the book offers a lot of help for these exercises.

So we will have to come back here in a few chapters.


4. What host- or network-based indicators could be used to identify this malware on infected machines?

Same as the last question, see you in a few chapters!
