book

Learning Malware Analysis

by Monnappa K A

June 2018

Beginner

510 pages

13h 7m

English

Packt Publishing

Read now

Unlock full access

Content preview from Learning Malware Analysis

Example 3 – Analyzing a DLL Accepting Export Arguments

The following example shows how you can analyze a DLL that accepts export arguments. The DLL used in this example was delivered via powerpoint, as described in this link: https://securingtomorrow.mcafee.com/mcafee-labs/threat-actors-use-encrypted-office-binary-format-evade-detection/.

The DLL (SearchCache.dll) consists of an export function, _flushfile@16, whose functionality is to delete a file. This export function accepts an argument, which is the file to delete:

To demonstrate the delete functionality, a test file (file_to_delete.txt) was created, and the monitoring tools were launched. ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Practical Malware Analysis

Michael Sikorski, Andrew Honig

Malware Analysis Techniques

Dylan Barker

Mastering Malware Analysis

Alexey Kleymenov, Amr Thabet

Evasive Malware

Kyle Cucci

Publisher Resources

ISBN: 9781788392501Other