cascg.blogg.se

OllyDbg debugging program launched by another program

I have to tell you that this chapter was the best that I've read since the beginning of the book. The information and tricks presented in this part of the amazing lecture made me happy. I'm sure that the labs will be as exciting as the whole chapter and I'm looking forward to solving them. As the title suggests, "Analyzing malicious Windows programs" chapter is all about the Windows OS internals useful primarily for the malware writers and thus for malware analysts too. Without further ado, I bring to you my solutions for the labs.

1. How does this program ensure that it continues running (achieves persistence) when the computer is restarted?
3. What is a good host-based signature to use for detecting this program?
4. What is a good network-based signature for detecting this malware?
6. When will this program finish executing?

1) How does this program ensure that it continues running (achieves persistence) when the computer is restarted?

The above question isn't just about loading the malicious program into IDA and reading the code. Due to this fact, I'm going to analyze this malware "from scratch" without jumping directly into "Advanced Static Analysis". Firstly, let's open the file in Pestudio and check for useful information such as strings and imports.












