Practical Malware Analysis: Static Analysis question 18
for finding the exact name of the executable file.
After dynamically overriding the function as shown in the briefing,
I can't seem to find any meaningful creation of the filename matching the pattern provided in sprintf.
I am wondering if I should be overriding a different function, as I can't seem to find any meaningful leads when searching for references or traveling to the next data.
I also can't seem to find any leads from searching specifically for local_104 and unaff_EDI references.
You're seeing Microsoft Security Centre in your string. You want a file name that is trying to mimic Security Centre... famously in WannaCry.
It's also right in your C code you posted. Use the first 4 letters of that in strings and I bet you have the file name.