Scribd Logo
Upload

Welcome to Scribd!

  • Malware Analysis Lab 1

    Uploaded by

    jaracew614
    13 views3 pages
    This document provides instructions for analyzing three malware samples as part of a basic malware analysis lab. For each sample, analysts are asked to identify compilation dates, imported functions, strings of interest, behavioral analysis results, host-based and network signatures, and impediments to analysis, in order to determine the purpose of the malware.

    Original Description:

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document provides instructions for analyzing three malware samples as part of a basic malware analysis lab. For each sample, analysts are asked to identify compilation dates, imported functions, strings of interest, behavioral analysis results, host-based and network signatures, and impediments to analysis, in order to determine the purpose of the malware.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    13 views3 pages

    Malware Analysis Lab 1

    Uploaded by

    jaracew614
    This document provides instructions for analyzing three malware samples as part of a basic malware analysis lab. For each sample, analysts are asked to identify compilation dates, imported functions, strings of interest, behavioral analysis results, host-based and network signatures, and impediments to analysis, in order to determine the purpose of the malware.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 3

    Malware Analysis Lab

    Lab 01 Basic Analysis of Malware Sample

    Sample 1: Lab_01_1. exe

    1. When was this file compiled?

    2. List a few imports or sets of imports and describe how the malware might use them.

    a.

    b.

    c.

    3. What are a few strings that stick out to you and why?

    a.

    b.

    c.

    4. What happens when you run this malware? Is it what you expected and why?

    5. Name a procmon filter and why you used it.

    6. Are there any hostbased signatures? (Files, registry keys, processes or services, etc).

    If so, what are they?

    7. Are there any network based signatures? (URLs, packet contents. etc) If so, what are

    they?

    8. Is there anything that impeded your analysis? How so? How might you overcome this?

    9. What do you think is the purpose of this malware?

    Sample 2: Lab_01_2. exe malware

    1.What is the md5sum? What of interest does VirusTotal Report?

    2. List a few imports or sets of imports and describe how the malware might use them.

    a.

    b.
    c.

    3. What are a few strings that stick out to you and why?

    a.

    b.

    c.

    4. What happens when you run this malware? Is it what you expected and why?

    5. Name a procmon filter and why you used it.

    6. Are there any hostbased signatures? (Files, registry keys, processes or services, etc).

    If so, what are they?

    7. Are there any network based signatures? (URLs, packet contents. etc) If so, what are

    they?

    8. Is there anything that impeded your analysis? How so? How might you overcome this?

    9. What do you think is the purpose of this malware?

    Sample 3: Lab_01_3. exe malware

    1. Are there any indications that this malware is packed? What are they? What is it

    packed with?

    2. Are you able to unpack it? Why or why not?

    3. What are a few strings that stick out to you and why?

    a.

    b.

    c.

    4. What happens when you run this malware? Is it what you expected and why?

    5. Are there any hostbased signatures? (Files, registry keys, processes or services, etc).

    If so, what are they?

    6. Are there any network based signatures? (URLs, packet contents. etc) If so, what are
    they?

    7. Is there anything that impeded your analysis? How so? How might you overcome this?

    8. What do you think is the purpose of this malware?

    You might also like