Basic Dynamic Analysis 7

The document discusses performing basic dynamic analysis on a Windows virtual machine. It describes opening an executable file in PEview to analyze imported DLLs and functions. It also details examining the file's strings for readable registry locations, URLs, and other clues. The document suggests dynamic analysis would be the best way to learn more since the file's strings are surprisingly readable.

Uploaded by

Sugita Jaya
Copyright
© All Rights Reserved

5/25/24, 9:35 AM

5. Basic Dynamic Analysis

What you need:

A Windows 2008 Server virtual machine

NOTE: Windows 7 will not work for this project!

Recommended: the textbook: "Practical Malware Analysis"

Purpose
You will practice the techniques in chapter 3.

This project follows Lab 3-1 in the textbook.

Task 1. Basic Static Analysis

Using PEview
Open Lab03-01.exe in PEview. As shown below, the only DLL imported is kernel32.dll, and the only function imported is ExitProcess. That doesn't tell us much--perhaps this malware is packed and the real imports will come at runtime.
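To see where PEview's IMPORT Directory Table view gets the DLL and function names, here is an added example (not part of the samsclass project or the textbook) that walks a PE32 import directory with nothing but Python's struct module. It builds a constructed sample PE whose import table holds only kernel32.dll!ExitProcess, the picture described above, and the parser also handles several DLLs and ordinal-only imports; build_sample_pe, parse_imports and the section RVA/offset are my own names and choices, and the parser covers PE32 only, not PE32+.

```python
import struct
SEC_RVA, SEC_OFF = 0x1000, 0x200   # RVA and file offset of the sample's single section

def build_sample_pe(dll_imports):  # constructed test data, not Lab03-01.exe: a minimal PE32 with only an import table
    blob = bytearray(20 * (len(dll_imports) + 1))   # IMAGE_IMPORT_DESCRIPTOR array + all-zero terminator
    for idx, (dll, funcs) in enumerate(dll_imports.items()):
        ilt = SEC_RVA + len(blob)                    # import lookup table: one 4-byte slot per name, then 0
        blob += b"\0" * (4 * (len(funcs) + 1))
        for i, f in enumerate(funcs):
            struct.pack_into("<I", blob, ilt - SEC_RVA + 4 * i, SEC_RVA + len(blob))  # slot -> hint/name entry
            blob += b"\0\0" + f.encode() + b"\0"     # 2-byte hint, then the function name
        name = SEC_RVA + len(blob)
        blob += dll.encode() + b"\0"
        struct.pack_into("<IIIII", blob, 20 * idx, ilt, 0, 0, name, ilt)  # OriginalFirstThunk .. FirstThunk
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)     # i386, 1 section, 224-byte optional header
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                                # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                                  # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 104, SEC_RVA, 20 * (len(dll_imports) + 1))  # DataDirectory[1] = import table
    sec = struct.pack("<8sIIII", b".idata", len(blob), SEC_RVA, len(blob), SEC_OFF) + b"\0" * 16
    hdr = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0" + coff + opt + sec   # e_lfanew = 0x40
    return hdr + b"\0" * (SEC_OFF - len(hdr)) + bytes(blob)

def parse_imports(data):  # walk the PE32 import directory as PEview lists it; returns {dll: [function names]}
    pe = struct.unpack_from("<I", data, 0x3C)[0]                   # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)    # NumberOfSections, SizeOfOptionalHeader
    imp_rva = struct.unpack_from("<I", data, pe + 24 + 104)[0]      # DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT]
    secs = [struct.unpack_from("<IIII", data, pe + 24 + opt_size + 40 * i + 8) for i in range(nsec)]
    def rva2off(rva):                                                 # section table: RVA -> file offset
        for vsize, va, rsize, raw in secs:
            if va <= rva < va + max(vsize, rsize):
                return rva - va + raw
        raise ValueError(f"RVA {rva:#x} lies in no section")
    def cstr(off):
        return data[off:data.index(b"\0", off)].decode("latin-1")
    result, off = {}, rva2off(imp_rva)
    while True:
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", data, off)
        if name_rva == 0:                                            # all-zero descriptor ends the array
            break
        funcs, thunk = [], rva2off(oft or ft)                        # prefer the lookup table, fall back to IAT
        while (entry := struct.unpack_from("<I", data, thunk)[0]) != 0:
            funcs.append(f"ordinal#{entry & 0xFFFF}" if entry >> 31 else cstr(rva2off(entry) + 2))
            thunk += 4
        result[cstr(rva2off(name_rva))] = funcs
        off += 20
    return result
```

Feeding the bytes of a real file to parse_imports gives the same DLL/function pairs PEview shows; a table as short as kernel32.dll!ExitProcess alone is exactly the packing hint the text describes.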

Using Strings
Examine the strings in Lab03-01.exe and find these items, as shown below.

SOFTWARE\Classes\http\shell\open\commandV -- a registry location

www.practicalmalwareanalysis.com -- a URL

VideoDriver

These readable strings are surprising--if the malware were packed, the strings would not be readable. Something strange is going on, and the easiest way to learn more is dynamic analysis.

Task 2. Preparing for Dynamic Analysis

https://samsclass.info/126/proj/pDC5.htm