Labs

Lab 15-1

Analyze the sample found in the file Lab15-01.exe. This is a command-line program that takes an argument and prints “Good Job!” if the argument matches a secret code.

Questions

1. What anti-disassembly technique is used in this binary?

2. What rogue opcode is the disassembly tricked into disassembling?

3. How many times is this technique used?

4. What command-line argument will cause the program to print “Good Job!”?

Lab 15-2

Analyze the malware found in the file Lab15-02.exe. Correct all anti-disassembly countermeasures before analyzing the binary in order to answer the questions.

Questions

1. What URL is initially requested by the program?

2. How is the User-Agent generated?

3. What does the program look for in the page it initially requests?

4. What does the program do with the information it extracts from the page?

Lab 15-3

Analyze the malware found in the file Lab15-03.exe. At first glance, this binary appears to be a legitimate tool, but it actually contains more functionality than advertised.

Questions

1. How is the malicious code initially called?

2. What does the malicious code do?

3. What URL does the malware use?

4. What filename does the malware use?
