Lab 20-3 Solutions
Several strings that look like error messages (
Error sending Http post,
Error sending Http get,
Error reading response, and so on) tell us that this program will be using HTTP
POSTcommands. We also see HTML paths (
/srv.html, /put.html, and so on), which hint at the files that this malware will attempt to open.
WS2_32imports tell us that this program will be communicating over the network. An import to
CreateProcesssuggests that this program may launch another process.
The function called at 0x4036F0 does not take any parameters other than the string, but ECX contains the
thispointer for the object. We know the object that contains the function is an exception object because that object is later ...