Lab 7-1 Solutions

Short Answers

  1. This program creates the service MalService to ensure that it runs every time the computer is started.

  2. The program uses a mutex to ensure that only one copy of the program is running at a time.

  3. We could search for a mutex named HGL345 and for the service MalService.

  4. The malware uses the user-agent Internet Explorer 8.0 and communicates with www.malwareanalysisbook.com.

  5. This program waits until midnight on January 1, 2100, and then sends many requests to http://www.malwareanalysisbook.com/, presumably to conduct a distributed denial-of-service (DDoS) attack against the site.

  6. This program will never finish. It waits on a timer until the year 2100, and then creates 20 threads, each of which runs in an infinite loop.
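
The host check from answer 3, written out as an added example that is not part of the book's solution: it looks for the MalService service and the HGL345 mutex on the local machine. The function name Test-NamedMutex and the output field names are assumptions of this example; only the two indicator values come from the answers above.

```powershell
# Host-based check for the two indicators named in answer 3.
# Indicator values come from the lab solution; all other names are illustrative.
$ServiceName = 'MalService'
$MutexName   = 'HGL345'

function Test-NamedMutex {
    param([string]$Name)
    $handle = $null
    try {
        # TryOpenExisting returns $false when no mutex with that name exists.
        $found = [System.Threading.Mutex]::TryOpenExisting($Name, [ref]$handle)
        if ($found) { $handle.Dispose() }
        return $found
    } catch {
        # Access denied means the mutex exists but its ACL blocks this account.
        if ($_.Exception.GetBaseException() -is [System.UnauthorizedAccessException]) {
            return $true
        }
        throw
    }
}

# Service entry: the start mode and binary path show whether it starts at boot
# and which file to collect for analysis.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"

# A copy started by the service manager runs in session 0, where unprefixed
# names land in the global namespace. A copy started interactively uses its
# own session's namespace; Local\ covers the session running this script.
$mutexHits = @("Global\$MutexName", "Local\$MutexName") |
    Where-Object { Test-NamedMutex $_ }

[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    ServicePresent = [bool]$svc
    ServiceState   = $svc.State
    StartMode      = $svc.StartMode
    BinaryPath     = $svc.PathName
    MutexPresent   = [bool]$mutexHits
    MutexNames     = $mutexHits -join ', '
}
```

A service entry without a mutex hit indicates the persistence is installed but the program is not currently running in a namespace this account can see.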

Detailed ...
