Labs

Lab 5-1

Analyze the malware found in the file Lab05-01.dll using only IDA Pro. The goal of this lab is to give you hands-on experience with IDA Pro. If you’ve already worked with IDA Pro, you may choose to ignore these questions and focus on reverse-engineering the malware.

Questions

1. What is the address of DllMain?

2. Use the Imports window to browse to gethostbyname. Where is the import located?

3. How many functions call gethostbyname?

4. Focusing on the call to gethostbyname located at 0x10001757, can you figure out which DNS request will be made?

5. How many local variables has IDA Pro recognized for the subroutine at 0x10001656?

6. How many parameters has IDA Pro recognized for the subroutine at 0x10001656?

7. Use the Strings ...
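Questions 2 and 3 come down to resolving the import and walking its cross-references; the point IDA's xref window can hide is that several call sites may sit in the same function, so the number of references is not the number of calling functions. The script below is an added example, not code from the book or the lab: it assumes the IAT entry is named gethostbyname (or __imp_gethostbyname) in the IDB, keeps the grouping logic in plain Python, and exercises it on constructed addresses that are not taken from Lab05-01.dll.

```python
"""Group cross-references to an imported function by the function that contains them."""
import bisect
from collections import defaultdict


def find_containing_function(ea, funcs):
    """Return the (start, end) pair of the function containing ea, or None.
    funcs: list of (start, end) tuples sorted by start; end is exclusive."""
    starts = [s for s, _ in funcs]
    i = bisect.bisect_right(starts, ea) - 1
    if i >= 0 and funcs[i][0] <= ea < funcs[i][1]:
        return funcs[i]
    return None


def group_xrefs_by_function(xref_addrs, funcs):
    """Map function start -> list of referencing addresses inside it.
    References outside any defined function (e.g. data references) go under None."""
    groups = defaultdict(list)
    for ea in xref_addrs:
        f = find_containing_function(ea, funcs)
        groups[f[0] if f else None].append(ea)
    return dict(groups)


def count_calling_functions(xref_addrs, funcs):
    """Distinct functions that reference the target, which is what Q3 asks for,
    as opposed to the number of reference sites listed in IDA's xref window."""
    return sum(1 for start in group_xrefs_by_function(xref_addrs, funcs) if start is not None)


def ida_callers_of_import(name="gethostbyname"):
    """Run inside IDA only: resolve the import by name and group its xrefs."""
    import idaapi, idautils, idc  # IDAPython modules, present only inside IDA
    ea = idc.get_name_ea_simple(name)
    if ea == idaapi.BADADDR:
        ea = idc.get_name_ea_simple("__imp_" + name)  # alternative IAT naming
    if ea == idaapi.BADADDR:
        raise LookupError(f"{name} is not a named import in this IDB")
    funcs = sorted((f.start_ea, f.end_ea) for f in map(idaapi.get_func, idautils.Functions()))
    groups = group_xrefs_by_function([x.frm for x in idautils.XrefsTo(ea)], funcs)
    for start, eas in groups.items():
        label = idc.get_func_name(start) if start is not None else "<outside any function>"
        print(f"{label}: {len(eas)} reference(s) at {[hex(e) for e in eas]}")
    return groups


# Constructed sample data (hypothetical addresses, not from Lab05-01.dll): three
# functions and four references, two of which sit in the same function.
SAMPLE_FUNCS = [(0x10001000, 0x10001100), (0x10001100, 0x10001300), (0x10001300, 0x10001400)]
SAMPLE_XREFS = [0x10001020, 0x100010F0, 0x10001310, 0x10020000]
```

Call ida_callers_of_import() from IDA's Python console with the sample DLL loaded; the other functions run anywhere.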

Get Practical Malware Analysis now with the O’Reilly learning platform.