Analyze the sample found in the file Lab15-01.exe. This is a
command-line program that takes an argument and prints “Good Job!” if the argument
matches a secret code.
Questions
1. What anti-disassembly technique is used in this binary?
2. What rogue opcode is the disassembly tricked into disassembling?
3. How many times is this technique used?
4. What command-line argument will cause the program to print “Good Job!”?
Lab 15-2
Analyze the malware found in the file Lab15-02.exe. Correct all
anti-disassembly countermeasures before analyzing the binary in order to answer the
questions.
Questions
1. What URL is initially requested by the program?
2. How is the User-Agent generated?
3. What does the program look for in the page it initially requests?
4. What does the program do with the information it extracts from the page?
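The following is an added illustration, not part of the lab text and not the answer to either lab: it shows, on a constructed byte string, how a jump that always skips one rogue byte derails a linear-sweep disassembler (the class of problem Lab 15-1 asks about) and how such a byte can be neutralized before analysis (what Lab 15-2 asks you to do). The sample bytes, the tiny x86-32 opcode subset, and the patch-to-NOP strategy are assumptions made for this example; a real sample needs a full disassembler such as IDA or Capstone.

```python
"""Constructed illustration of the jump-over-a-rogue-byte anti-disassembly trick.

Hypothetical sample built for this example (NOT bytes from any lab file):
    xor eax, eax      ; 33 C0            ZF is now always set
    jz  short +1      ; 74 01            always taken: skips the next byte
    db  0xE8          ; rogue byte: first byte of a 5-byte CALL encoding
    mov eax, 1        ; B8 01 00 00 00
    ret               ; C3
A linear-sweep decoder treats 0xE8 as CALL and swallows the MOV that follows.
"""

SAMPLE = bytes.fromhex("33C0" "7401" "E8" "B801000000" "C3")  # constructed input

SHORT_JUMPS = {0xEB: "jmp", 0x74: "jz", 0x75: "jnz"}


def decode_one(code, off):
    """Decode one instruction from the small x86-32 subset this example needs.

    Returns (length, text, branch_target); unknown bytes become a 1-byte 'db'.
    """
    op = code[off]
    if op == 0x90:
        return 1, "nop", None
    if op == 0xC3:
        return 1, "ret", None
    if op == 0x33 and code[off + 1:off + 2] == b"\xC0":
        return 2, "xor eax, eax", None
    if op == 0xB8 and off + 5 <= len(code):
        imm = int.from_bytes(code[off + 1:off + 5], "little")
        return 5, f"mov eax, 0x{imm:x}", None
    if op in SHORT_JUMPS and off + 2 <= len(code):
        rel = int.from_bytes(code[off + 1:off + 2], "little", signed=True)
        target = off + 2 + rel
        return 2, f"{SHORT_JUMPS[op]} short 0x{target:x}", target
    if op == 0xE8 and off + 5 <= len(code):
        rel = int.from_bytes(code[off + 1:off + 5], "little", signed=True)
        target = (off + 5 + rel) & 0xFFFFFFFF
        return 5, f"call 0x{target:x}", None  # calls are treated as fall-through
    return 1, f"db 0x{op:02x}", None


def linear_sweep(code):
    """Decode every byte in order, the way objdump-style tools do."""
    listing, off = [], 0
    while off < len(code):
        n, text, _ = decode_one(code, off)
        listing.append((off, text))
        off += n
    return listing


def flow_oriented(code, entry=0):
    """Recursive-traversal decode that follows a branch target before its
    fall-through. Returns (listing, conflicts): a conflict is an offset whose
    decode would overlap an instruction already accepted, the symptom of a
    rogue byte; such decodes are rejected rather than added to the listing."""
    decoded, conflicts, work = {}, [], [entry]
    while work:
        off = work.pop()
        if off in decoded or not 0 <= off < len(code):
            continue
        n, text, target = decode_one(code, off)
        if any(s < off + n and off < s + ln for s, (ln, _) in decoded.items()):
            conflicts.append(off)
            continue
        decoded[off] = (n, text)
        if not text.startswith(("ret", "jmp")):
            work.append(off + n)      # fall-through, processed last
        if target is not None:
            work.append(target)       # branch target, processed first
    listing = sorted((off, text) for off, (_, text) in decoded.items())
    return listing, sorted(conflicts)


def neutralize(code, entry=0):
    """Return (patched_bytes, patched_offsets): every reachable 2-byte short
    jump that skips exactly one byte gets that byte replaced with NOP (0x90),
    so linear and flow-oriented views agree again. This is the same idea as
    patching the rogue byte to NOP inside IDA before continuing analysis."""
    patched = bytearray(code)
    listing, _ = flow_oriented(code, entry)
    fixed = []
    for off, _ in listing:
        n, _, target = decode_one(code, off)
        if n == 2 and target == off + 3:
            patched[off + 2] = 0x90
            fixed.append(off + 2)
    return bytes(patched), fixed


if __name__ == "__main__":
    for label, code in (("original", SAMPLE), ("patched", neutralize(SAMPLE)[0])):
        print(f"== {label}: linear sweep ==")
        for off, text in linear_sweep(code):
            print(f"  {off:04x}  {text}")
        listing, conflicts = flow_oriented(code)
        print(f"   flow-oriented conflicts at: {conflicts}")
```

Run stand-alone, the original listing shows the bogus `call` and no `mov eax, 1`, the flow-oriented pass reports a conflict at the rogue byte, and the patched listing decodes cleanly either way. The count of patched offsets is the kind of tally the lab's "how many times is this technique used" question is after, though on a real binary the pattern scan must be driven by the disassembler's actual control flow, not a byte-pattern grep.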
Lab 15-3
Analyze the malware found in the file Lab15-03.exe. At first glance, this
binary appears to be a legitimate tool, but it actually contains more functionality than
advertised.