Ollydbg debugging program launched by another program
Chapter Eight and Nine focused on dynamic analysis of programs. Once the basics were out of the way in Chapter Eight, we shifted focus to using OllyDbg to fulfil our dynamic analysis objectives.

Preface: Analyze the malware found in the file Lab09-01.exe using OllyDbg and IDA Pro to answer the following questions.

Analysis: Let's take this particular sample through our standard malware analysis process. This malware was initially analyzed in the Chapter 3 labs using basic static and dynamic analysis techniques. I'm going to statically analyze the binary and see what information can be gathered without interacting with it.

Opening up the binary in PE Studio, we can find that it was compiled on (as per the file-header).

Basic string analysis shows us the following strings:

  • GET/DOWNLOAD/UPLOAD: These functions might indicate the functionality embedded within the program (possibly a backdoor?).
  • : A URL that might be used to communicate with the TA's C2 server.
  • cmd.exe: Launches a command prompt on the compromised endpoint.
  • SOFTWARE\Microsoft \XPS: A registry key that might be used by the malware to persist (we'll explore this relation later).
  • k:%s h:%s p:%s per:%s: A format string (needs more context).
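As an added illustration (not part of the original write-up), the following Python script automates the string triage described above: it pulls printable runs out of a byte buffer the way `strings` does and sorts them into the categories the write-up uses. The buffer, the URL and the classification rules are constructed assumptions, not data taken from Lab09-01.exe.

```python
import re
from collections import defaultdict

# Constructed sample: printable strings embedded in junk bytes, mimicking a raw
# scan of a binary. The URL is a placeholder; nothing here is from the real sample.
SAMPLE_BINARY = (
    b"\x00\x90MZ\x00\x00k:%s h:%s p:%s per:%s\x00\xff\x00SOFTWARE\\Microsoft \\XPS\x00"
    b"\x01\x02cmd.exe\x00http://c2.example.invalid/cmd\x00"
    b"\x00GET\x00DOWNLOAD\x00UPLOAD\x00\x00ab\x00"
)

# 3 rather than the usual `strings` default of 4, so short verbs like GET survive.
MIN_LEN = 3

# Each rule names a category from the write-up and a regex that flags it (assumed rules).
RULES = [
    ("format_string", re.compile(r"%[sdxc]")),
    ("registry_path", re.compile(r"^(HKLM|HKCU|SOFTWARE|SYSTEM)\\", re.I)),
    ("shell_command", re.compile(r"\bcmd\.exe\b", re.I)),
    ("url",           re.compile(r"^https?://", re.I)),
    ("c2_verb",       re.compile(r"^(GET|DOWNLOAD|UPLOAD)$")),
]


def extract_strings(data: bytes, min_len: int = MIN_LEN) -> list[str]:
    """Return runs of printable ASCII of at least min_len bytes, like `strings`."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def triage(data: bytes) -> dict[str, list[str]]:
    """Map each category to the strings that matched it; unmatched strings go to 'other'."""
    hits: dict[str, list[str]] = defaultdict(list)
    for s in extract_strings(data):
        matched = [name for name, rx in RULES if rx.search(s)]
        for name in matched or ["other"]:
            hits[name].append(s)
    return dict(hits)


if __name__ == "__main__":
    for category, strings in triage(SAMPLE_BINARY).items():
        print(f"{category:14s} {strings}")
```

Strings that hit no rule land in the `other` bucket, which is where manual review of a real sample starts.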