Labs

Lab 20-1

The purpose of this first lab is to demonstrate the usage of the this pointer. Analyze the malware in Lab20-01.exe.

Questions

Q:

1. Does the function at 0x401040 take any parameters?

Q:

2. Which URL is used in the call to URLDownloadToFile?

Q:

3. What does this program do?

Lab 20-2

The purpose of this second lab is to demonstrate virtual functions. Analyze the malware in Lab20-02.exe.

Note

This program is not dangerous to your computer, but it will try to upload possibly sensitive files from your machine.

Questions

Q:

1. What can you learn from the interesting strings in this program?

Q:

2. What do the imports tell you about this program?

Q:

3. What is the purpose of the object created at 0x4011D9? Does it have any virtual ...

Get Practical Malware Analysis now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.