Labs
Lab 20-1
The purpose of this first lab is to demonstrate the usage of the this pointer. Analyze the malware in Lab20-01.exe.
Questions
1. Does the function at 0x401040 take any parameters?
2. Which URL is used in the call to
3. What does this program do?
Lab 20-2
The purpose of this second lab is to demonstrate virtual functions. Analyze the malware in Lab20-02.exe.
Note
This program is not dangerous to your computer, but it will try to upload possibly sensitive files from your machine.
Questions
1. What can you learn from the interesting strings in this program?
2. What do the imports tell you about this program?
3. What is the purpose of the object created at 0x4011D9? Does it have any virtual ...