Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

Task 3 Disassemble. ( postpone Task 3 to week 7 ) 1 . Disassemble lab 4 . exe with IDA and GHIDRA 2 . Does

Task 3 Disassemble. (postpone Task 3 to week 7)
1. Disassemble lab4.exe with IDA and GHIDRA
2. Does the disassemblers analysis determine a main subroutine? Where is it?
Hint: Use Ghidra and locate the entry function. Then use the decompile window to
confirm the main function. Note that the main function is in .text section
3. In IDA, use the Strings window to find the Magic bytes = string and then the 2 bytes
that get appended to the string before being printed out.
4. In GHIDRA, use the Defined Strings window to find the Magic bytes = string and
then the 2 bytes that get appended to the string before being printed out.
5. What is the purpose of this malware?
Hint: Search for readable strings and for youtube links. You can also use Process
Monitor and check events. This should help you understand what the malware is trying to
do
6. Is there anything that this malware does that could be used as a fingerprint to find it on
other systems?

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image_2

Step: 3

blur-text-image_3

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

Database Systems A Practical Approach To Design Implementation And Management

Authors: THOMAS CONNOLLY

6th Edition

9353438918, 978-9353438913

More Books

Students also viewed these Databases questions