Lab 9-2 (1)

School: Florida International University
Course: 4804
Subject: Information Systems
Date: Apr 3, 2024
Type: docx
Pages: 5
Uploaded by ProfessorMetal2935

Lab 9-2

Analyze the malware found in the file Lab09-02.exe using OllyDbg to answer the following questions.

Questions

1. What strings do you see statically in the binary?

2. What happens when you run this binary?
   The program instantly closes.

3. How can you get this sample to run its malicious payload?
   Renaming it to ocl.exe.

4. What is happening at 0x00401133?
   Strings were being passed one character at a time, so we couldn't see them in the strings view; the strings were 1qaz2wsz3edc and ocl.exe.

5. What arguments are being passed to subroutine 0x00401089?
   a. The string 1qaz2wx3edc and a pointer are passed to 0x401089.

6. What domain name does this malware use?
   www.practicalmalwareanalysis.com

7. What encoding routine is being used to obfuscate the domain name?
   The malware encodes the DNS name with XOR.

8. What is the significance of the CreateProcessA call at 0x0040106E?
   It sets up cmd with ShowWindow = 0 so the user won't notice the reverse shell being accessed.
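To make two of the analysis steps above concrete (the one-character-at-a-time stack strings at 0x00401133 from question 4, and the XOR-obfuscated domain from question 7), here is an added Python example; it is not code from this report or from Lab09-02.exe. The disassembly excerpt and the encoded buffer are constructed for the example, the repeating-key XOR loop is an assumption (the report only says XOR), and the key is spelled as in the question 4 answer.

```python
import re

# Added example, not code from the lab report or from Lab09-02.exe.
# Part 1: the report says characters at 0x00401133 are moved onto the stack one at a
# time, so a strings tool sees nothing. This constructed disassembly excerpt has that shape.
STACK_STRING_ASM = """
mov byte ptr [ebp-14h], 6Fh   ; 'o'
mov byte ptr [ebp-13h], 63h   ; 'c'
mov byte ptr [ebp-12h], 6Ch   ; 'l'
mov byte ptr [ebp-11h], 2Eh   ; '.'
mov byte ptr [ebp-10h], 65h   ; 'e'
mov byte ptr [ebp-0Fh], 78h   ; 'x'
mov byte ptr [ebp-0Eh], 65h   ; 'e'
mov byte ptr [ebp-0Dh], 0     ; terminating NUL
"""
_MOV = re.compile(r"mov\s+byte ptr \[ebp-([0-9A-Fa-f]+)h\],\s*([0-9A-Fa-f]+)h?")

def recover_stack_string(asm: str) -> str:
    """Rebuild a stack string by ordering the single-byte stores by their frame offset."""
    cells = {-int(m.group(1), 16): int(m.group(2), 16) for m in _MOV.finditer(asm)}
    raw = bytes(cells[off] for off in sorted(cells))
    return raw.split(b"\x00", 1)[0].decode("ascii")

# Part 2: the report says the domain is XOR-obfuscated with the key string passed to
# 0x00401089. Assumption: repeating-key XOR over the buffer (the report gives no loop
# details). The key is spelled as in the report's answer to question 4.
KEY = b"1qaz2wsz3edc"
DOMAIN = b"www.practicalmalwareanalysis.com"

def xor_with_key(data: bytes, key: bytes) -> bytes:
    """XOR each byte with the key byte at the same position, cycling through the key."""
    if not key:
        raise ValueError("empty key")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

ENCODED = xor_with_key(DOMAIN, KEY)  # constructed: the buffer as it would sit in the binary

def decode_domain(encoded: bytes, key: bytes) -> str:
    """Decode and stop at the first NUL, as a C-string consumer in the sample would."""
    return xor_with_key(encoded, key).split(b"\x00", 1)[0].decode("ascii", errors="replace")

def looks_like_hostname(s: str) -> bool:
    """Analyst sanity check on a candidate decoding: only DNS label characters and a dot."""
    return bool(s) and "." in s and all(c in "abcdefghijklmnopqrstuvwxyz0123456789.-" for c in s.lower())

if __name__ == "__main__":
    print("stack string :", recover_stack_string(STACK_STRING_ASM))
    print("encoded hex  :", ENCODED.hex())
    print("decoded      :", decode_domain(ENCODED, KEY), looks_like_hostname(decode_domain(ENCODED, KEY)))
```

A wrong key guess shows up immediately because `looks_like_hostname` rejects the garbage it produces, which is the check an analyst applies when trying candidate keys recovered from the stack strings.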