Книга: Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
Назад: Conclusion
Дальше: 13. Data Encoding

, or use the file Lab12-03.exe.

Q:

1. What is the purpose of this malicious payload?

Q:

2. How does the malicious payload inject itself?

Q:

3. What filesystem residue does this program create?

Analyze the malware found in the file Lab12-04.exe.

Q:

1. What does the code at 0x401000 accomplish?

Q:

2. Which process has code injected?

Q:

3. What DLL is loaded using LoadLibraryA?

Q:

4. What is the fourth argument passed to the CreateRemoteThread call?

Q:

5. What malware is dropped by the main executable?

Q:

6. What is the purpose of this and the dropped malware?

Назад: Conclusion
Дальше: 13. Data Encoding

sss
sss

© RuTLib.com 2015-2018