Lab 1
Basic Static Analysis Lab #1
The lab contained two files: Lab1.exe and Lab1.dll.
Programs used:
PEiD
PeBear
PeView
Dependency Walker
Questions from the Lab
1. When were the files compiled?
From using PEView and entering the IMAGE_FILE_HEADER tab of both files, it seems both files were compiled at 2010/12/19 16:16. The files differ by only a minute.
2. Are there any indicators that either of these files is packed or obfuscated? What are the indicators?
From running PEiD it seems the file can be identified as 'Microsoft Visual C++ 6.0'. The EP section also points to .text. It seems as though the file was not packed or obfuscated.
3. Do the imports hint at what the files might do?
This is when it gets interesting. The exe file seems to be manipulating files. It's creating files and closing files. It's also searching through files. As a guess, I would say that it searches for a file and replaces the file with a malicious replica.
The DLL is a bit of a surprise. It does not export anything. (I thought DLLs were meant to provide exported functions to other programs.) Instead it imports Sleep and, interestingly, CreateProcessA.
4. Are there any host based indicators that can be checked on infected systems?
From reading the strings and looking at the imports, it seems as though the program tries to mess with Kernel32.dll. With some research it seems that:
Kernel32.dll: handles memory management, input/output operations, and interrupts
MSVCRT.dll: containing standard C library functions such as printf, memcpy, and cos
I would look into systems and the Kernel.
5. What network based indicators could be used?
I can't see how it uses the network. From the information I have gathered, it seems as if it runs on the desktop.
6. What would you guess was the purpose of the program?
The program seems to want to mimic Kernel32.dll. It searches for files within the victim's computer, then writes to them. It could be replacing files on the victim's computer. The DLL's purpose seems to be executing and creating processes.
Reflection
It seems as though I missed a vital bit of information by not running the strings tool. The files contained an IP address. It seems as though the files actually 'create a backdoor'. The DLL hopes to stay unnoticed with a similar name to kernel. The exe scans looking for infected files to run. This program is studied more in depth in chapter 7.
It's important that I utilize the strings function for later exercises. The example is unusual: we have an exe searching to run a DLL.
Click here to download Racine carée on iTunes: http://smarturl.it/StromaeRacineCarreiT Music video by Stromae performing carmen. (C) 2015 Mosaert
"carmen" by Stromae is a thought-provoking song, in my personal opinion. Stromae, who is an amazing lyricist (you could call him a poet, I suppose), tells the story of "the Twitter bird." When translating the lyrics, we got an idea of the story he was trying to convey. Of course, it is not yet 100% clear to us, since our interpretation is our own, but he seems to be saying that the people of today are falling so in love with this app that we kinda forget the world around us. Today's society is so absorbed in this virtual world, and I believe Stromae is saying that we will pay for it one day, because by the time we realize we love someone, we will have all died like rats, because we wasted our time being infatuated with 'fake' people.
* Finish reflection
a title and a brief design log: one or two sentences about your findings, approach, or something fun you discovered or want to share. Do not title the post Lab 1 – use a descriptive title that embodies the work.
Students
student 1:
Hello. My name is Jean-Pierre.
What's your name?
student 2:
Hi, my name is Mike.
How are you?
student 1:
Very well, thanks. And you?
student 2:
Not bad. Where are you from?
student 1:
Me, I'm from Chico. And you?
student 2:
Me too, I'm from Chico.
student 1:
Good! I have a class now... bye.
student 2:
Goodbye!