Analyze the malware found in the file Lab03-01.exe using basic dynamic analysis tools.

1. What are this malware's imports and strings?
2. What are the malware's host-based indicators?
3. Are there any useful network-based signatures for this malware? If so, what are they?
Analyze the malware found in the file Lab03-02.dll using basic dynamic analysis tools.

1. How can you get this malware to install itself?
2. How would you get this malware to run after installation?
3. How can you find the process under which this malware is running?
4. Which filters could you set in order to use procmon to glean information?
5. What are the malware's host-based indicators?
6. Are there any useful network-based signatures for this malware?
Execute the malware found in the file Lab03-03.exe while monitoring it using basic dynamic analysis tools in a safe environment.

1. What do you notice when monitoring this malware with Process Explorer?
2. Can you identify any live memory modifications?
3. What are the malware's host-based indicators?
4. What is the purpose of this program?
Analyze the malware found in the file Lab03-04.exe using basic dynamic analysis tools. (This program is analyzed further in the Chapter 9 labs.)

1. What happens when you run this file?
2. What is causing the roadblock in dynamic analysis?
3. Are there other ways to run this program?
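Several of the questions above (host-based indicators, network-based signatures, and which procmon filters to set) come down to reducing a Process Monitor capture to the handful of events that change host state or touch the network. The script below is an added example, not code from the book or from any of the lab binaries: it parses a Process Monitor CSV export (default columns), applies the same filters you would set in the procmon GUI (Process Name, Operation, Result is SUCCESS), and collects written files, modified registry keys, remote endpoints and spawned processes. The embedded CSV is constructed for illustration; the process name sample.exe, the paths, the Run key and the address 192.0.2.10 are made up and are not indicators of Lab03-01 through Lab03-04.

```python
"""Summarize host- and network-based indicators from a Process Monitor CSV export.

Added example (not from the book or the lab binaries). Assumes a CSV exported
from Process Monitor with its default columns:
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"""
import csv
import io

# Constructed sample export. Every value below is illustrative; nothing was
# captured from Lab03-01 through Lab03-04.
SAMPLE_PROCMON_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.0","sample.exe","1234","Process Start","","SUCCESS","Parent PID: 900"
"10:01:02.1","sample.exe","1234","RegSetValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS","Type: REG_SZ, Length: 46, Data: C:\Windows\updater.exe"
"10:01:02.2","sample.exe","1234","WriteFile","C:\Windows\updater.exe","SUCCESS","Offset: 0, Length: 4,096"
"10:01:02.3","sample.exe","1234","CreateFile","C:\Users\analyst\Desktop\notes.txt","NAME NOT FOUND","Desired Access: Generic Read"
"10:01:02.4","explorer.exe","800","RegQueryValue","HKCU\Software\Classes\Local Settings\MuiCache","SUCCESS","Type: REG_SZ"
"10:01:02.5","sample.exe","1234","TCP Connect","WIN-ANALYST:49713 -> 192.0.2.10:80","SUCCESS","Length: 0, mss: 1460"
"10:01:02.6","sample.exe","1234","Process Create","C:\Windows\updater.exe","SUCCESS","PID: 2468, Command line: C:\Windows\updater.exe -s"
"10:01:02.7","sample.exe","1234","RegSetValue","HKLM\SYSTEM\CurrentControlSet\Services\Updater\ImagePath","ACCESS DENIED","Type: REG_SZ"
"10:01:02.8","sample.exe","1234","WriteFile","C:\Windows\updater.exe","SUCCESS","Offset: 4,096, Length: 512"
'''

# Process Monitor operation names that change host state or use the network.
FILE_WRITE_OPS = {"WriteFile", "SetDispositionInformationFile", "SetRenameInformationFile"}
REGISTRY_WRITE_OPS = {"RegSetValue", "RegCreateKey", "RegDeleteValue", "RegDeleteKey"}
NETWORK_OPS = {"TCP Connect", "TCP Send", "TCP Receive", "UDP Send", "UDP Receive"}
PROCESS_OPS = {"Process Create"}


def parse_procmon_csv(text):
    """Parse a Process Monitor CSV export into a list of row dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def filter_events(rows, process_name, operations=None, successful_only=True):
    """Mirror the procmon GUI filters: Process Name is X, Operation is one of
    <operations> (None keeps all), and optionally Result is SUCCESS.
    Dropping failed operations removes the noise of files and keys the sample
    probed but never touched."""
    kept = []
    for row in rows:
        if row["Process Name"].lower() != process_name.lower():
            continue
        if operations is not None and row["Operation"] not in operations:
            continue
        if successful_only and row["Result"] != "SUCCESS":
            continue
        kept.append(row)
    return kept


def remote_endpoint(path):
    """procmon renders network paths as 'local:port -> remote:port'; keep the remote side."""
    if "->" in path:
        return path.split("->", 1)[1].strip()
    return path.strip()


def extract_indicators(rows, process_name):
    """Reduce a process's successful events to de-duplicated, sorted indicator lists."""
    indicators = {"files": set(), "registry": set(), "network": set(), "processes": set()}
    for row in filter_events(rows, process_name):
        op, path = row["Operation"], row["Path"]
        if op in FILE_WRITE_OPS:
            indicators["files"].add(path)
        elif op in REGISTRY_WRITE_OPS:
            indicators["registry"].add(path)
        elif op in NETWORK_OPS:
            indicators["network"].add(remote_endpoint(path))
        elif op in PROCESS_OPS:
            indicators["processes"].add(path)
    return {kind: sorted(values) for kind, values in indicators.items()}


if __name__ == "__main__":
    events = parse_procmon_csv(SAMPLE_PROCMON_CSV)
    for kind, values in extract_indicators(events, "sample.exe").items():
        print(f"{kind}:")
        for value in values:
            print(f"  {value}")
```

To use it on a real capture, export the procmon log with File > Save as CSV and pass the file contents to parse_procmon_csv with the sample's process name. The network list gives you candidate hosts and ports for a network signature; the registry and file lists are the host-based indicators the questions ask for. Note that TCP/UDP events only appear if the sample actually connected during the run, so pair this with a sniffer or a fake network service in the sandbox.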