Part 3: Analyzing Malicious Windows Programs (Lab 7.1 from PMA)

Complete all the steps mentioned in the below attached document for part 3 of this project:

Project part 3_ Analyzing Malicious Windows Programs.pdf

Part 4: Analyzing Code Constructs in Malware (Lab 6.1 from PMA)

Part 4 of this project is based on Lab 6-1 in "Practical Malware Analysis" textbook chapter 6.

Based on the knowledge gained in all previous lab assignments, you will have to complete Lab 6-1 individually (with minimal or no supervision) by following the instructions given in Lab 6-1 in the textbook. There are more detailed solutions in the back of the book.

1. Open and analyze the malware found in the file Lab06-01.exe using IDA Pro.

2. Answer all the questions (Q1 to Q3) found in Lab 6-1 in your own words.

3. List all the steps you followed in setting up the software environment and the screenshots captured while analyzing the malware in IDA Pro (Hint: The steps that you list for Lab 6-1 should be something similar to the steps that were given to you in all previous lab assignment instructions).

Submission Requirements for all four parts of the project:

Format: Microsoft Word

Font: Arial, 12-Point, Double-Space

Citation Style: APA

Length: Each part should have a minimum of 3 pages. So overall report size should be a minimum of 6 pages (excluding title page and bibliography).

Project Part 3: Analyzing Malicious Windows Programs

What you need:

A Windows machine, real or virtual, with IDA Pro installed.

Refer to Lab 7-1 instructions & solutions in "Practical Malware Analysis" textbook chapter 7.

Purpose

You will practice the techniques in chapter 7.

You should already have the lab files, but if you don't, do this:

Downloading the Lab Files

In a Web browser, go here:

http://practicalmalwareanalysis.com/labs/

Download and unzip the lab files.

Downloading and Installing IDA Pro

In your Windows machine, open a Web browser and go to

https://www.hex-rays.com/products/ida/support/download_freeware.shtml

Download "IDA Freeware" and install it.

Analyzing the Malware

Follow the instructions for Lab 7-1 in the textbook. There are more detailed solutions in the back of the book.

Open and analyze the malware found in the file Lab07-01.exe using IDA Pro.

1. Answer all the questions (Q1 to Q6) found in Lab 7-1 in your own words.

2. This malware uses a function named StartAddress to perform a DDoS attack.

When answering question 4 in Lab 7-1, you find the user agent it uses to perform the attack, and the URL it will attack.

Save a screen capture of the IDA Pro screen showing those two values, as shown below (with the important items grayed out).

3. You will see these features:

- A persistence mechanism
- A mutex
- A host-based signature
- A network-based signature

Explain the above terms briefly in the context of this lab assignment.

Deliverables: Please complete all steps mentioned in this document, and submit the lab report on Canvas. Make sure to capture screenshots for all steps and paste them in your lab report (Word document).
