Labs

You’ll need a 64-bit computer and a 64-bit virtual machine in order to run the malware for these labs, as well as the advanced version of IDA Pro in order to analyze the malware.

Lab 21-1

Analyze the code in Lab21-01.exe. This lab is similar to Lab 9-2 Solutions, but tweaked and compiled for a 64-bit system.

Questions

Q:	1. What happens when you run this program without any parameters?
Q:	2. Depending on your version of IDA Pro, `main` may not be recognized automatically. How can you identify the call to the `main` function?
Q:	3. What is being stored on the stack in the instructions from 0x0000000140001150 to 0x0000000140001161?
Q:	4. How can you get this program to run its payload without changing the filename of the executable?
Q:	5. Which two strings ...

Get Practical Malware Analysis now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Practical Malware Analysis by Michael Sikorski, Andrew Honig

Labs

Lab 21-1

Questions

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly