Task $3$ Disassemble. $($postpone Task $3$ to week $7)$

$1.$ Disassemble lab$4.$exe with IDA and GHIDRA

$2.$ Does the disassembler$$s analysis determine a $$main$$ subroutine? Where is it$?$

Hint: Use Ghidra and locate the entry function. Then use the decompile window to

confirm the main function. Note that the main function is in $.$text section

$3.$ In IDA, use the $$Strings$$ window to find the $$Magic bytes $=$ string and then the $2$ bytes

that get appended to the string before being printed out.

$4.$ In GHIDRA, use the $$Defined Strings$$ window to find the $$Magic bytes $=$ string and

then the $2$ bytes that get appended to the string before being printed out.

$5.$ What is the purpose of this malware?

Hint: Search for readable strings and for $$youtube$$ links. You can also use Process

Monitor and check events. This should help you understand what the malware is trying to

do

$6.$ Is there anything that this malware does that could be used as a fingerprint to find it on

other systems?