Lab 7-1 Solutions
Short Answers
This program creates the service
MalService
to ensure that it runs every time the computer is started.The program uses a mutex to ensure that only one copy of the program is running at a time.
We could search for a mutex named
HGL345
and for the serviceMalService
.The malware uses the user-agent Internet Explorer 8.0 and communicates with www.malwareanalysisbook.com.
This program waits until midnight on January 1, 2100, and then sends many requests to http://www.malwareanalysisbook.com/, presumably to conduct a distributed denial-of-service (DDoS) attack against the site.
This program will never finish. It waits on a timer until the year 2100, and then creates 20 threads, each of which runs in an infinite loop.
Detailed ...
Get Practical Malware Analysis now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.