Lab 6-1 | Practical Malware Analysis


1. What is the major code construct found in the only subroutine called by main?
As we can see, the major code construct here is an if statement: if the result of the last comparison is not zero, execution goes to the left box; if it is zero, to the right one.

2. What is the subroutine located at 0x40105F?

It’s quite difficult to understand what’s going on in that subroutine; not many definite things are exposed in there, so we mainly draw our conclusions from the context.


Because it’s called right after the strings are pushed onto the stack, we’ll say this is the print function.
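The two observations above (a comparison followed by a conditional jump, and a subroutine that always receives a string address as its argument) are easy to check mechanically. The following script is an added example, not part of this writeup or of the lab; it runs over a constructed IDA-style listing that only mirrors the shape of the code in the lab, and the names `check_connection`, `aConnected` and `aNotConnected` are hypothetical. It flags cmp/test+jcc pairs as if-constructs and tallies, per callee, what was pushed right before each call (in cdecl the last push before the call is the first argument, so a callee whose first argument is always a string literal is a good print/format candidate).

```python
import re
from collections import defaultdict

# Constructed listing (not taken from the lab binary). Addresses and labels
# other than sub_40105F are made up for illustration.
SAMPLE_LISTING = """\
.text:00401000 push    0
.text:00401002 push    0
.text:00401004 call    ds:check_connection   ; hypothetical import
.text:0040100A test    eax, eax
.text:0040100C jz      short loc_401020
.text:0040100E push    offset aConnected      ; constructed string label
.text:00401013 call    sub_40105F
.text:00401018 add     esp, 4
.text:0040101B mov     eax, 1
.text:0040101E jmp     short loc_401030
.text:00401020 push    offset aNotConnected   ; constructed string label
.text:00401025 call    sub_40105F
.text:0040102A add     esp, 4
.text:0040102D xor     eax, eax
.text:00401030 pop     ebp
.text:00401031 retn
"""

LINE_RE = re.compile(r"^\.text:([0-9A-Fa-f]{8})\s+(\S+)(?:\s+(.*))?$")
COND_JUMPS = {"jz", "jnz", "je", "jne", "ja", "jb", "jg", "jl",
              "jge", "jle", "jbe", "jae"}
# IDA names string literals aXxxx; "offset aXxxx" is a pointer to one.
STRING_LABEL_RE = re.compile(r"^offset\s+(a[A-Z0-9]\w*)$")


def parse_listing(text):
    """Turn listing lines into dicts of address, mnemonic and operand list."""
    instrs = []
    for raw in text.splitlines():
        code = raw.split(";", 1)[0].rstrip()  # drop trailing comments
        m = LINE_RE.match(code)
        if not m:
            continue
        addr, mnemonic, operands = m.groups()
        ops = [o.strip() for o in operands.split(",")] if operands else []
        instrs.append({"addr": addr, "mnemonic": mnemonic.lower(), "operands": ops})
    return instrs


def find_if_constructs(instrs):
    """A cmp/test immediately followed by a conditional jump is the
    disassembly shape of an if statement. Returns (addr, jcc, target)."""
    found = []
    for prev, cur in zip(instrs, instrs[1:]):
        if prev["mnemonic"] in ("cmp", "test") and cur["mnemonic"] in COND_JUMPS:
            target = cur["operands"][0].replace("short ", "")
            found.append((prev["addr"], cur["mnemonic"], target))
    return found


def call_argument_profile(instrs):
    """For each call, collect the pushes directly preceding it.
    Pushes happen right-to-left, so the list is reversed into source order:
    index 0 is the first (leftmost) argument."""
    profile = defaultdict(list)
    for i, ins in enumerate(instrs):
        if ins["mnemonic"] != "call":
            continue
        args = []
        j = i - 1
        while j >= 0 and instrs[j]["mnemonic"] == "push":
            args.append(instrs[j]["operands"][0])
            j -= 1
        profile[ins["operands"][0]].append(args)
    return profile


def likely_print_functions(instrs):
    """Callees whose first argument is a string literal at every call site."""
    result = []
    for callee, sites in call_argument_profile(instrs).items():
        if sites and all(a and STRING_LABEL_RE.match(a[0]) for a in sites):
            result.append(callee)
    return sorted(result)


if __name__ == "__main__":
    instrs = parse_listing(SAMPLE_LISTING)
    for addr, jcc, target in find_if_constructs(instrs):
        print(f"if-construct: comparison at {addr}, {jcc} -> {target}")
    print("likely print/format routines:", likely_print_functions(instrs))
```

On the constructed listing the script reports one if-construct (the `test eax, eax` / `jz` pair after the connectivity call) and `sub_40105F` as the only callee that always takes a string literal first, which is the same reasoning the answer above applies by eye. The heuristic is deliberately simple: it only looks at contiguous pushes, so arguments materialised through `mov [esp+...]` or passed in registers would need a different rule.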

3. What is the purpose of this program?

From the strings and the static analysis seen in the last image, this looks like it’s checking whether there is an internet connection.

After we execute it, we can read the string it shows in the image. It’s strange, however, because it said I have an internet connection when I have none.


