LAB 2
School: Eastern Michigan University
Course: 427
Subject: Information Systems
Date: Dec 6, 2023
Pages: 5
Step 1 - PEiD
A. Provide screenshots of PEiD, highlighting the EP (entry point) Section and the identified compiler for the two files.
B. Does PEiD indicate that the files are packed?
Yes, it was packed.
Step 2 - Imports
Analyze the two files using either Dependency Walker or CFF Explorer or any other tool of your choice to find the total number of imports in each. Recall that the term imports refers to the functions used from the libraries, not the linked libraries themselves.
A. What is the total number of imports in each file? Provide screenshots.
7 and 8
B. Does the total number of imports in each sample indicate that the malware is packed? Yes.
Step 3 - Section Names
Analyze the files using either PEView or CFF Explorer and find the names of the sections.
A. Provide screenshots showing the identified names of the sections.
B. Are the names of the sections different from the typical names?
C. What do you conclude based on the names with respect to the samples being packed?
Step 4 - Section Sizes
Analyze the files using PEView or CFF Explorer to find the Virtual Size and the Size of Raw Data for all the sections in each file.
A. Provide the sizes (virtual size and size of raw data) for the sections. You can either use a screenshot showing this information or fill in a table like the following.
B. Do the sizes indicate the malware is packed? Justify by highlighting the significant differences (a virtual size 2 times the raw size or more).
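The indicators from Steps 2 through 4 can also be checked programmatically, which is useful when triaging more than two samples. The script below is an added example, not part of the lab and not code from PEiD, PEView, CFF Explorer or Dependency Walker: using only the standard library it parses the section table of a PE image, flags section names outside a common set, flags any section whose Virtual Size is at least twice its Size of Raw Data (the lab's threshold), and takes the import count from Step 2 as a parameter rather than parsing the import directory. The two sample images are constructed in-memory byte buffers, not real binaries; the "fewer than 10 imports" threshold, the section-name set and the "two or more indicators" verdict rule are assumptions of this example.

```python
import struct

# Layout constants from the PE/COFF specification.
IMAGE_DOS_SIGNATURE = b"MZ"
IMAGE_NT_SIGNATURE = b"PE\0\0"
SECTION_HEADER_SIZE = 40

# Section names a default MSVC/MinGW build normally carries (assumed set).
TYPICAL_SECTION_NAMES = {".text", ".rdata", ".data", ".idata", ".edata",
                         ".rsrc", ".reloc", ".bss", ".tls", ".pdata", ".CRT"}

# Thresholds: the 2x size ratio is the lab's; the import cut-off is an assumption.
SIZE_RATIO = 2.0
LOW_IMPORT_COUNT = 10


def parse_sections(image: bytes):
    """Return [(name, virtual_size, size_of_raw_data), ...] from a PE image."""
    if image[:2] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    number_of_sections = struct.unpack_from("<H", image, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + size_of_optional
    sections = []
    for i in range(number_of_sections):
        off = table + i * SECTION_HEADER_SIZE
        name = image[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        # IMAGE_SECTION_HEADER after Name: VirtualSize, VirtualAddress, SizeOfRawData
        virtual_size, _va, raw_size = struct.unpack_from("<III", image, off + 8)
        sections.append((name, virtual_size, raw_size))
    return sections


def packing_indicators(sections, import_count):
    """Collect the lab's indicators: odd names, inflated virtual sizes, few imports."""
    findings = []
    for name, vsize, rsize in sections:
        if name not in TYPICAL_SECTION_NAMES:
            findings.append(f"unusual section name {name!r}")
        inflated = (rsize == 0 and vsize > 0) or (rsize > 0 and vsize / rsize >= SIZE_RATIO)
        if inflated:
            findings.append(f"section {name!r}: VirtualSize 0x{vsize:X} vs raw 0x{rsize:X}")
    if import_count < LOW_IMPORT_COUNT:
        findings.append(f"only {import_count} imports")
    return findings


def assess(image: bytes, import_count: int):
    """Return (findings, verdict); verdict is True with two or more indicators (assumed rule)."""
    findings = packing_indicators(parse_sections(image), import_count)
    return findings, len(findings) >= 2


def build_sample(section_specs):
    """Construct a minimal PE-shaped buffer carrying the given section headers.
    Test data only: no optional header, no code, not a loadable binary."""
    e_lfanew = 0x40
    dos = IMAGE_DOS_SIGNATURE + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, 0, 0x102)
    table = b""
    for name, vsize, rsize in section_specs:
        table += name.encode("ascii").ljust(8, b"\0")
        table += struct.pack("<IIIIIIHHI", vsize, 0x1000, rsize, 0x400, 0, 0, 0, 0, 0x60000020)
    return dos + IMAGE_NT_SIGNATURE + coff + table


# Constructed samples: a UPX-style layout (empty UPX0, stub in UPX1) and a plain build.
PACKED_SPECS = [("UPX0", 0x1F000, 0), ("UPX1", 0xA000, 0x9800), (".rsrc", 0x1000, 0xE00)]
UNPACKED_SPECS = [(".text", 0x8000, 0x8000), (".rdata", 0x2000, 0x1A00), (".data", 0x1000, 0xA00)]

if __name__ == "__main__":
    for label, specs, imports in (("packed", PACKED_SPECS, 7), ("unpacked", UNPACKED_SPECS, 142)):
        findings, verdict = assess(build_sample(specs), imports)
        print(f"{label}: probably packed={verdict}")
        for f in findings:
            print("  -", f)
```

When running this over real files, read them with `open(path, "rb").read()` and pass the import count obtained in Step 2. Note that `.data` and `.bss` legitimately have a virtual size larger than their raw size when they hold uninitialized data, which is why the verdict here requires more than one indicator rather than a single inflated section.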
Step 5 - Unpacking
Try to unpack each of the files using upx. Recall that you need to call upx.exe with the -d option.
A. Were you successful in unpacking both files?