Topshiriq. Lab05-01. dll faylini tahlil qiling va quyidagi savollarga javob bering:
What strings do you see statically in the binary? The imports and the string cmd are the only interesting strings that appear statically in the binary.
(Binaryda qaysi satrlarni turg’un ko’rish mumkin? Importlanganlar va cmd satri binary da mavjud yagona qiziqarli satrlardir. )
What happens when you run this binary? It terminates without doing much.
(Bu binary ni ishga tushirganda nima sodir bo’ladi? U tezda yakunlanadi. )
How can you get this sample to run its malicious payload? Rename the file ocl. exe before you run it.
(Siz qanday qilib uning foydali yuklamasini ishga tushirish uchun bu misolni olishingiz mumkin? ocl. exe fayli nomini uni ishga tushirishdan avval o’zgartiring. )
What is happening at 0x00401133? A string is being built on the stack, which is used by attackers to obfuscate strings from simple strings utilities and basic static analysis techniques.
(0x00401133 da nima sodir bo’lyapti? Hujumchilar tomonidan satrlarni oddiy satrlar utilitalari va asosiy static analiz texnikalarini shubhaga solish uchun ishlatiladigan uyumlar ustiga satrlar quriladi. )
What arguments are being passed to subroutine 0x00401089? The string 1qaz2wsx3edc and a pointer to a buffer of data are passed to subroutine 0x401089.
(0x00401089 ni qayta tartiblash uchun qaysi argumentlar orqali o’tiladi?
0x401089 ni qayta tartiblash sanasi buferi ko’rsatmasi va 1qaz2wsx3edc satri. )
What domain name does this malware use? The malware uses the domain practicalmalwareanalysis. com.
Do'stlaringiz bilan baham: |
