(Which domain name does this malware use? This malware uses the practicalmalwareanalysis.com domain.)
What encoding routine is being used to obfuscate the domain name? The malware will XOR the encoded DNS name with the string 1qaz2wsx3edc to decode the domain name.
(Which scheme is used to obfuscate the domain name? The malware uses XOR with the string 1qaz2wsx3edc to decode the encoded DNS name.)
What is the significance of the CreateProcessA call at 0x0040106E? The malware is setting the stdout, stderr, and stdin handles (used in the STARTUPINFO structure of CreateProcessA) to the socket. Since CreateProcessA is called with cmd as an argument, this will create a reverse shell by tying the command shell to the socket.
(What is the significance of the CreateProcessA call at 0x0040106E? The malware sets stdout, stderr and stdin (used in the STARTUPINFO structure of CreateProcessA) to the socket. Since CreateProcessA is called with cmd as its argument, it creates a reverse shell.)
Practical Malware Analysis. Copyright © 2012 by Michael Sikorski and Andrew Honig.