Created by SMN666
Task 1:
No answer needed.
Task 2:
What is the famous example of a targeted attack-esque Malware that targeted Iran?
Stuxnet
What is the name of the Ransomware that used the Eternalblue exploit in a “Mass Campaign” attack?
Wannacry
Task 3:
Name the first essential step of a Malware Attack?
Delivery
Now name the second essential step of a Malware Attack?
Execution
What type of signature is used to classify remnants of infection on a host?
Host-Based Signatures
What is the name of the other classification of signature used after a Malware attack?
Network-Based Signatures
Task 4:
No answer needed.
Task 5:
No answer needed.
Task 6:
No answer needed.
Task 7:
The MD5 Checksum of aws.exe
D2778164EF643BA8F44CC202EC7EF157
The MD5 Checksum of Netlogo.exe
59CB421172A89E1E16C11A428326952C
The MD5 Checksum of vlc.exe
5416BE1B8B04B1681CB39CF0E2CAAD9F
Task 8:
Does Virustotal report this MD5 Checksum / file aws.exe as malicious? (Yay/Nay)
Nay
Does Virustotal report this MD5 Checksum / file Netlogo.exe as malicious? (Yay/Nay)
Nay
Does Virustotal report this MD5 Checksum / file vlc.exe as malicious? (Yay/Nay)
Nay
Task 9:
What does PeID propose 1DE9176AD682FF.dll being packed with?
Microsoft Visual C++ 6.0 DLL
What does PeID propose AD29AA1B.bin being packed with?
Microsoft Visual C++ 6.0
Task 10:
What packer does PeID report file “6F431F46547DB2628” to be packed with?
FSG 1.0 -> dulek/xt
Task 11:
No answer needed.
Task 12:
What is the URL that is outputted after using “strings”?
practicalmalwareanalysis.com
How many unique “Imports” are there?
5
Task 13:
How many references are there to the library “msi” in the “Imports” tab of IDA Freeware for “install.exe”?
9
Task 14:
What is the MD5 Checksum of the file?
f5bd8e6dc6782ed4dfa62b8215bdc429
Does Virustotal report this file as malicious? (Yay/Nay)
Yay
Output the strings using Sysinternals “strings” tool.
What is the last string outputted?
d:h:
What is the output of PeID when trying to detect what packer is used by the file?
Nothing found
Task 15:
No answer needed.
Thank you ^_^