Q:
1. Which strings do you see when using static analysis on the binary?
2. What happens when you run this binary?
3. How must you rename the sample in order for it to run properly?
4. Which anti-debugging techniques does this malware employ?
5. For each technique, what does the malware do if it determines it is running in a debugger?
6. Why are the anti-debugging techniques successful in this malware?
7. What domain name does this malware use?