Topic: Malicious programs' advanced dynamic


Date: 01.04.2023

(Which domain name does this malware use? This malware uses the domain practicalmalwareanalysis.com.)

  1. What encoding routine is being used to obfuscate the domain name? The malware will XOR the encoded DNS name with the string 1qaz2wsx3edc to decode the domain name.

(Which routine is used to obfuscate the domain name? The malware uses XOR with the string 1qaz2wsx3edc to decode the encoded DNS name.)
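As an added example (not part of the original report), the repeating-key XOR decode described above, re-implemented in Python so an analyst can recover the domain from the obfuscated buffer; the encoded sample bytes are constructed here, and cyclic reuse of the 12-byte key is an assumption, since the page names the key but does not show the loop.

```python
# Added example (not from the original report): re-implementation of the
# repeating-key XOR decoder used to recover the C2 domain during analysis.
from itertools import cycle

KEY = b"1qaz2wsx3edc"  # XOR key named in the analysis


def xor_with_key(data: bytes, key: bytes = KEY) -> bytes:
    """XOR every byte of `data` with the key, repeating the key cyclically.

    Assumption: the key is reused from its first byte once the 12 bytes are
    exhausted; the page gives the key but not the exact loop.
    XOR is its own inverse, so the same routine obfuscates and decodes.
    """
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_domain(encoded: bytes, key: bytes = KEY) -> str:
    """Decode an obfuscated, NUL-terminated DNS name and sanity-check it.

    A wrong key or offset yields bytes that do not look like a hostname, so
    the check raises instead of silently returning garbage.
    """
    plain = xor_with_key(encoded, key).split(b"\x00", 1)[0]
    try:
        text = plain.decode("ascii")
    except UnicodeDecodeError:
        raise ValueError("decoded bytes are not ASCII; wrong key or offset") from None
    allowed = set("abcdefghijklmnopqrstuvwxyz0123456789.-")
    if not text or not set(text.lower()) <= allowed:
        raise ValueError(f"decoded text is not a valid hostname: {text!r}")
    return text


# Constructed sample: the lab's domain obfuscated with the same routine
# (the real bytes from the binary are not reproduced on the page).
SAMPLE_ENCODED = xor_with_key(b"practicalmalwareanalysis.com\x00")

if __name__ == "__main__":
    print(SAMPLE_ENCODED.hex())
    print(recover_domain(SAMPLE_ENCODED))  # practicalmalwareanalysis.com
```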

  1. What is the significance of the CreateProcessA call at 0x0040106E? The malware is setting the stdout, stderr, and stdin handles (used in the STARTUPINFO structure of CreateProcessA) to the socket. Since CreateProcessA is called with cmd as an argument, this will create a reverse shell by tying the command shell to the socket.

(What is the significance of the CreateProcessA call at 0x0040106E? The malware sets stdout, stderr and stdin (used in the STARTUPINFO structure of CreateProcessA) to the socket. Since CreateProcessA is called with cmd as an argument, this creates a reverse shell.)


