Lab 7-1 Solutions
This program creates the service MalService to ensure that it runs every time the computer is started.
The program uses a mutex to ensure that only one copy of the program is running at a time.
We could search for a mutex named HGL345 and for the service
The malware uses the user-agent Internet Explorer 8.0 and communicates with www.malwareanalysisbook.com.
This program waits until midnight on January 1, 2100, and then sends many requests to http://www.malwareanalysisbook.com/, presumably to conduct a distributed denial-of-service (DDoS) attack against the site.
This program will never finish. It waits on a timer until the year 2100, and then creates 20 threads, each of which runs in an infinite loop.
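The host-based search mentioned above (mutex HGL345, service MalService) can be run on a live Windows host as follows; this is an added PowerShell example, not part of the original solutions. The function name Test-NamedMutex is hypothetical, and the extra Global\ lookup is an addition: a process started as a service runs in session 0, where unprefixed object names resolve to the global namespace, so a check from an interactive session has to ask for that name explicitly.

```powershell
# Added example: look for the two host-based indicators named in the solution.
$MutexName   = 'HGL345'      # mutex name from the page
$ServiceName = 'MalService'  # service name from the page

function Test-NamedMutex {
    # Hypothetical helper: reports whether a named mutex exists, without acquiring it.
    param([Parameter(Mandatory)][string]$Name)
    try {
        $m = [System.Threading.Mutex]::OpenExisting($Name)
        $m.Dispose()             # close our handle only; ownership is untouched
        return 'Present'
    }
    catch [System.Threading.WaitHandleCannotBeOpenedException] {
        return 'Absent'          # no mutex with this name in the namespace
    }
    catch [System.UnauthorizedAccessException] {
        # The object exists but its ACL denies us access: still an indicator hit.
        return 'Present (access denied)'
    }
}

# Check the caller's session namespace and the global one (session 0 / services).
$results = foreach ($name in $MutexName, "Global\$MutexName") {
    [pscustomobject]@{
        Indicator = "mutex $name"
        State     = Test-NamedMutex -Name $name
    }
}

# The service entry persists across reboots, so it is found even when the
# process is not currently running. PathName shows which binary it launches.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'" `
                       -ErrorAction SilentlyContinue
$results = @($results) + [pscustomobject]@{
    Indicator = "service $ServiceName"
    State     = if ($svc) {
                    "Present ($($svc.StartMode), $($svc.State)): $($svc.PathName)"
                } else {
                    'Absent'
                }
}

$results | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so that an access-denied result on the mutex is less likely. The mutex exists only while the program is running, whereas the service entry remains after a reboot.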