The purpose of this first lab is to demonstrate the use of the this pointer. Analyze the malware in Lab20-01.exe.

1. Does the function at 0x401040 take any parameters?
2. Which URL is used in the call to
3. What does this program do?
The purpose of this second lab is to demonstrate virtual functions. Analyze the malware in Lab20-02.exe.
This program is not dangerous to your computer, but it will try to upload possibly sensitive files from your machine.

1. What can you learn from the interesting strings in this program?
2. What do the imports tell you about this program?
3. What is the purpose of the object created at 0x4011D9? Does it have any virtual functions?
4. Which functions could possibly be called by the
5. How could you easily set up the server that this malware expects in order to fully analyze the malware without connecting it to the Internet?
6. What is the purpose of this program?
7. What is the purpose of implementing a virtual function call in this program?
This third lab is a longer and more realistic piece of malware. It comes with a configuration file named config.dat that must be in the same directory as the lab executable in order for it to run properly. Analyze the malware in Lab20-03.exe.

1. What can you learn from the interesting strings in this program?
2. What do the imports tell you about this program?
3. The function 0x4036F0 is called multiple times and each time it takes the string
4. What do the six entries in the switch table at 0x4025C8 do?
5. What is the purpose of this program?