Labs

Lab 3-1

Analyze the malware found in the file Lab03-01.exe using basic dynamic analysis tools.

Questions

1. What are this malware’s imports and strings?
2. What are the malware’s host-based indicators?
3. Are there any useful network-based signatures for this malware? If so, what are they?

Lab 3-2

Analyze the malware found in the file Lab03-02.dll using basic dynamic analysis tools.

Questions

1. How can you get this malware to install itself?
2. How would you get this malware to run after installation?
3. How can you find the process under which this malware is running?
4. Which filters could you set in order to use procmon to glean information?
5. What are the malware’s host-based indicators?
6. Are there any useful network-based signatures for this malware?

Lab 3-3

Execute the malware found in the file Lab03-03.exe while monitoring it using basic dynamic analysis tools in a safe environment.

Questions

1. What do you notice when monitoring this malware with Process Explorer?
2. Can you identify any live memory modifications?
3. What are the malware’s host-based indicators?
4. What is the purpose of this program?

Lab 3-4

Analyze the malware found in the file Lab03-04.exe using basic dynamic analysis tools. (This program is analyzed further in the Chapter 9 labs.)

Questions

1. What happens when you run this file?
2. What is causing the roadblock in dynamic analysis?
3. Are there other ways to run this program?
