Labs

In these labs, we’ll use what we’ve covered in Chapter 19 to analyze samples inspired by real shellcode. Because a debugger cannot easily load and run shellcode directly, we’ll use a utility called shellcode_launcher.exe to dynamically analyze shellcode binaries. You’ll find instructions on how to use this utility in Chapter 19 and in the detailed analyses in Appendix C.

Lab 19-1

Analyze the file Lab19-01.bin using shellcode_launcher.exe.

Questions

1. How is the shellcode encoded?

2. Which functions does the shellcode manually import?

3. What network host does the shellcode communicate with?

4. What filesystem residue does the shellcode leave?

5. What does the shellcode do?
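Questions 1 and 2 ask for two things an analyst typically checks statically before ever running a sample under shellcode_launcher.exe: whether the bytes are wrapped in a simple encoding layer, and which API names the stub resolves by hash instead of by string. The script below is an added example, not code from the book or from its lab files, and it runs against a constructed blob rather than Lab19-01.bin. It assumes the ROR-13 name-hash variant that folds in the terminating NUL byte (real shellcode uses several variants, so a miss here proves nothing) and uses a small, assumed table of API names; an analyst would substitute a much larger table.

```python
"""Added example (not from Practical Malware Analysis): two static checks that
answer the kind of questions Lab 19-1 asks, run on a constructed blob."""
import struct

def ror13_hash(name: str) -> int:
    """ROR-13 API-name hash as used by many import-by-hash shellcode stubs.
    This variant rotates once more for the terminating NUL byte; other stubs
    differ slightly, so treat a match as a lead and a miss as inconclusive."""
    h = 0
    for b in name.encode("ascii") + b"\x00":
        h = ((h >> 13) | (h << 19)) & 0xFFFFFFFF
        h = (h + b) & 0xFFFFFFFF
    return h

# Assumed, not from the page: a short table of API names that shellcode often
# resolves by hash. A real lookup table would be far larger.
API_NAMES = [
    "LoadLibraryA", "GetProcAddress", "WinExec", "CreateFileA",
    "WriteFile", "WSAStartup", "connect", "recv", "CreateProcessA",
]
HASH_TABLE = {ror13_hash(n): n for n in API_NAMES}

# Strings whose presence in a candidate decoding suggests the key is right.
MARKERS = [b"kernel32", b".dll", b"ws2_32", b"http"]

def find_api_hashes(blob: bytes) -> list[tuple[int, str]]:
    """Question 2: report every offset holding a little-endian DWORD that
    matches a known ROR-13 hash, i.e. a function the stub imports manually."""
    hits = []
    for off in range(len(blob) - 3):
        dword = struct.unpack_from("<I", blob, off)[0]
        if dword in HASH_TABLE:
            hits.append((off, HASH_TABLE[dword]))
    return hits

def xor_single_byte_bruteforce(blob: bytes):
    """Question 1: try all 256 single-byte XOR keys and return the
    (key, decoded, score) whose decoding shows the most evidence (known API
    hashes plus marker strings). A key of None means no key scored at all."""
    best = (None, blob, 0)
    for key in range(256):
        cand = bytes(b ^ key for b in blob)
        score = len(find_api_hashes(cand)) + sum(cand.count(m) for m in MARKERS)
        if score > best[2]:
            best = (key, cand, score)
    return best

def build_sample() -> bytes:
    """Constructed sample, NOT real shellcode: a NOP-like prefix, two ROR-13
    hashes the way a resolver stub would embed them, and a DLL name string,
    all XOR-encoded with the key 0x5A."""
    plain = (
        b"\x90" * 4
        + struct.pack("<I", ror13_hash("LoadLibraryA"))
        + struct.pack("<I", ror13_hash("WSAStartup"))
        + b"ws2_32.dll\x00"
    )
    return bytes(b ^ 0x5A for b in plain)

if __name__ == "__main__":
    blob = build_sample()
    print("hash hits in raw blob:", find_api_hashes(blob))
    key, decoded, score = xor_single_byte_bruteforce(blob)
    print(f"best single-byte XOR key: {key:#04x} (score {score})")
    print("hash hits after decoding:", find_api_hashes(decoded))
    print("decoded bytes:", decoded)
```

The scoring is deliberately crude: it only recognises a single-byte XOR layer, so a blob that uses a rolling key, an alphanumeric encoder, or a multi-stage decoder will come back with no key, and the encoding question then has to be answered by reading the decoder loop in the debugger. The hash scan is likewise one heuristic: hashes are usually pushed as immediates right before a call to the resolver, so a hit at an odd offset with no call nearby is probably a false positive.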

Lab 19-2

The file Lab19-02.exe contains a piece of shellcode that ...
