Forum Discussion

Jeff777's avatar
Jeff777
Icon for Bronze I rankBronze I
15 days ago

Malware Analysis: Tracking a LOLBins Campaign – Examination

I have completed all of the questions within this lab except for question 7 and question 13. Both of these questions appear to have something to do with execution of the 1st and 2nd downloaded files in the lab. I have successfully completed the deobfuscation of each file but I can not seem to execute the appropriate step(s) or action(s) to go to the correct answers for these last 2 questions. Any insight or guidance on what I'm missing / doing incorrectly and how to correct it would be greatly appreciated. I have provided a few screenshots for reference. Thanks in advance.



  • You need to enter a string for the first, and a number for the second question. Do not paste program code, but the actual string for question one. E.g. for a="b"+"c" the answer would be bc, not  "b"+"c".

    Note: Most likely there is a bug in the lab: The first question will be accepted only if the first "s" (111) is removed.

  • Thanks netcat. I was able to figure out the actual string for question 7 and the number for question 13. 👍