Labs

Lab 17-1

Analyze the malware found in Lab17-01.exe inside VMware. This is the same malware as Lab07-01.exe, with added anti-VMware techniques.

Note

The anti-VM techniques found in this lab may not work in your environment.

Questions

1. What anti-VM techniques does this malware use?

2. If you have the commercial version of IDA Pro, run the IDA Python script from Example 17-4 in Chapter 17 (provided here as findAntiVM.py). What does it find?

3. What happens when each anti-VM technique succeeds?

4. Which of these anti-VM techniques work against your virtual machine?

5. Why does each anti-VM technique work or fail?

6. How could you disable these anti-VM techniques and get the malware to run?
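The findAntiVM.py script in Question 2 runs inside IDA Pro, which hands it each instruction's mnemonic. The stand-alone Python below is an added example, not the book's script: it flags the same family of instructions in raw code bytes (sidt, sgdt, sldt, smsw, str, in and cpuid are assumed here to be the ones of interest) so a section dump can be triaged without a commercial IDA licence. The sample bytes are constructed for the example and deliberately include one false positive that an alignment-unaware scan produces.

```python
"""Heuristic raw-byte scan for x86 instructions often abused in anti-VM checks.
Hits are candidates to confirm in a disassembler; the scan is alignment-unaware."""
from typing import List, Tuple

# Two-byte opcode groups: the ModRM reg field selects the instruction.
GROUP_0F01 = {0: "sgdt", 1: "sidt", 4: "smsw"}   # 0F 01 /0, /1, /4
GROUP_0F00 = {0: "sldt", 1: "str"}               # 0F 00 /0, /1
# One-byte IN opcodes; E4/E5 take an imm8 port, EC/ED read the port in DX.
IN_OPCODES = {0xE4: "in al, imm8", 0xE5: "in eax, imm8",
              0xEC: "in al, dx", 0xED: "in eax, dx"}

def scan_anti_vm(code: bytes) -> List[Tuple[int, str]]:
    """Return (offset, mnemonic) for each candidate anti-VM instruction."""
    hits: List[Tuple[int, str]] = []
    i, n = 0, len(code)
    while i < n:
        b = code[i]
        if b == 0x0F and i + 1 < n:
            b2 = code[i + 1]
            if b2 == 0xA2:                                 # 0F A2 = cpuid
                hits.append((i, "cpuid"))
                i += 2
                continue
            if b2 in (0x00, 0x01) and i + 2 < n:
                modrm = code[i + 2]
                mod, reg = modrm >> 6, (modrm >> 3) & 7
                name = (GROUP_0F01 if b2 == 0x01 else GROUP_0F00).get(reg)
                # sgdt/sidt need a memory operand; 0F 01 with mod == 3 is something else
                if name and not (name in ("sgdt", "sidt") and mod == 3):
                    hits.append((i, name))
                    i += 3
                    continue
        elif b in IN_OPCODES:
            hits.append((i, IN_OPCODES[b]))
            i += 2 if b in (0xE4, 0xE5) else 1           # skip imm8 port
            continue
        i += 1
    return hits

# Constructed sample (not from the lab binary): a benign prologue/epilogue around
# Red Pill (sidt), No Pill (sldt/str), an I/O port read and cpuid. The EC ModRM
# byte of "mov ebp, esp" is misread as "in al, dx": a false positive that shows
# why every hit must be confirmed in a disassembler.
SAMPLE = bytes.fromhex(
    "55 8B EC"                  # push ebp; mov ebp, esp
    "0F 01 4D F8 0F 00 45 F0"   # sidt [ebp-8]; sldt [ebp-10h]
    "0F 00 C8 ED 0F A2"         # str eax; in eax, dx; cpuid
    "C9 C3"                     # leave; ret
)
```

Running `scan_anti_vm` over a real code section works the same way; read the section bytes from the PE and pass them in, then check each reported offset in the disassembler.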

Lab 17-2

Analyze the malware found in the file Lab17-02.dll ...
