Forum Discussion

kevinh

Bronze II

27 days ago

Solved

Practical Malware Analysis: Static Analysis question 18

for finding the exact name of the executable file.

After dynamically overriding the function as shown in the briefing

I cant seem to find any meaningful creation of the filename matching the patter provided in sprintf.

I am wondering if I should be overriding a different function? as I cant seem to find any meaningful leads when searching for references or traveling to the next data.

I also cant seem to find any leads from searching specifically for local_104 and unaff_EDI references as well.

defensive cyber

help & support

immersive labs

CyberSharpe
19 days ago
You're seeing Microsoft Security Centre in your string. You want a file name that is trying to mimic Security Centre... famously in WannaCry.

Its also right in your C code you posted. Use the first 4 letters of that in strings and I bet you have the file name.

3 Replies

netcat
Silver II
24 days ago
The question is "What is the exact name of the executable file this malware adopts", and I can't see how this could be related to sprintf. The solution is right under your nose.
- kevinh
  Bronze II
  20 days ago
  for some reason typing in the variations of "s_%s_%s_security_00431330" does not seem to do anything? sprintf overriding is based on the brief to get the more accurate binary information. but the contents and variables directly from the sprintf seems to be wrong. where should I be going from the analyzing the function call, as the variables found are displayed as incorrect?
CyberSharpe
Bronze III
19 days ago
You're seeing Microsoft Security Centre in your string. You want a file name that is trying to mimic Security Centre... famously in WannaCry.

Its also right in your C code you posted. Use the first 4 letters of that in strings and I bet you have the file name.

Forum Discussion

Practical Malware Analysis: Static Analysis question 18

3 Replies

Featured Places

Help & Support Forum

Related Content

Practical Malware Analysis: Static Analysis question 19

Practical Malware Analysis: .NET Encryption and Encoding

Malicious Document Analysis: Dropper Analysis

Malicious Document Analysis: Dropper Analysis

Help with "Log Analysis: Web Log Analysis"

Recent Discussions

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

Radare2 Reverse Engineering: Ep.1 – Windows Binary Part 1

Autopsy Ep 3: Tags, Comments and Reports

Active Directory Basics: Demonstrate Your Skills

Secure Testing: SQL Injection