Lab 16-3 Solutions
There aren’t many useful strings in the malware other than import functions and the strings
When you run this malware, it appears to do nothing other than terminate.
You must rename the malware to peo.exe for it to run properly.
This malware uses three different anti-debugging timing techniques:
If the QueryPerformanceCounter check is successful, the malware modifies the string needed for the program to run properly.
If the GetTickCount check is successful, the malware causes an unhandled exception that crashes the program.
If the rdtsc check is successful, the malware will attempt to delete itself from disk.
The anti-debugging timing checks are successful ...
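To locate the three timing checks named above before stepping through the sample, an analyst can triage the binary for paired rdtsc reads and the two timing API names. The following is an added example, not code from the lab or the book; the function names, the 0x40-byte pairing window, and the sample bytes are assumptions constructed for illustration.

```python
import re

RDTSC = b"\x0f\x31"  # opcode bytes of the rdtsc instruction
TIMING_APIS = (b"GetTickCount", b"QueryPerformanceCounter")

def find_rdtsc_pairs(code, max_gap=0x40):
    """Offsets of rdtsc pairs at most max_gap bytes apart.

    A timing check reads the counter twice and compares the delta, so two
    nearby reads are the pattern to look for. This is a raw byte match, not
    disassembly: 0F 31 inside an operand is a false positive to rule out
    in the disassembler.
    """
    offsets = [m.start() for m in re.finditer(re.escape(RDTSC), code)]
    pairs, i = [], 0
    while i + 1 < len(offsets):
        if offsets[i + 1] - offsets[i] <= max_gap:
            pairs.append((offsets[i], offsets[i + 1]))
            i += 2
        else:
            i += 1
    return pairs

def find_timing_imports(image):
    """Timing API names present as NUL-terminated strings in the image."""
    return [n.decode() for n in TIMING_APIS if n + b"\x00" in image]

def triage(image):
    return {"rdtsc_pairs": find_rdtsc_pairs(image),
            "timing_imports": find_timing_imports(image)}

# Constructed sample bytes (not taken from the lab binary).
SAMPLE = (
    b"\x55\x8b\xec"            # push ebp / mov ebp, esp
    b"\x0f\x31"                # rdtsc            (offset 3)
    b"\x50"                    # push eax
    b"\x33\xc9"                # xor ecx, ecx
    b"\x0f\x31"                # rdtsc            (offset 8)
    b"\x2b\x04\x24"            # sub eax, [esp]
    b"\x3d\x00\x10\x00\x00"    # cmp eax, 0x1000  (constructed threshold)
    b"\x77\x02\xc3"            # ja +2 / ret
    b"GetTickCount\x00QueryPerformanceCounter\x00"
)

if __name__ == "__main__":
    report = triage(SAMPLE)
    for first, second in report["rdtsc_pairs"]:
        print(f"rdtsc pair at {first:#x} and {second:#x}")
    print("timing imports:", ", ".join(report["timing_imports"]))
```

The reported offsets are starting points for breakpoints or cross-references in a disassembler; each hit still needs to be confirmed as a real instruction.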