Forum Discussion

Bronze II

27 days ago

Solved

Practical Malware Analysis: Static Analysis question 18

for finding the exact name of the executable file. After dynamically overriding the function as shown in the briefing I cant seem to find any meaningful creation of the filename matching the p...

defensive cyber

help & support

immersive labs

CyberSharpe
19 days ago
You're seeing Microsoft Security Centre in your string. You want a file name that is trying to mimic Security Centre... famously in WannaCry.

Its also right in your C code you posted. Use the first 4 letters of that in strings and I bet you have the file name.

netcat

Silver II

24 days ago

The question is "What is the exact name of the executable file this malware adopts", and I can't see how this could be related to sprintf. The solution is right under your nose.

kevinh
Bronze II
20 days ago
for some reason typing in the variations of "s_%s_%s_security_00431330" does not seem to do anything? sprintf overriding is based on the brief to get the more accurate binary information. but the contents and variables directly from the sprintf seems to be wrong. where should I be going from the analyzing the function call, as the variables found are displayed as incorrect?

Forum Discussion

Practical Malware Analysis: Static Analysis question 18

Featured Places

Help & Support Forum

Related Content

Practical Malware Analysis: Static Analysis question 19

Practical Malware Analysis: .NET Encryption and Encoding

Malicious Document Analysis: Dropper Analysis

Malicious Document Analysis: Dropper Analysis

Help with "Log Analysis: Web Log Analysis"

Recent Discussions

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

Radare2 Reverse Engineering: Ep.1 – Windows Binary Part 1

Autopsy Ep 3: Tags, Comments and Reports

Active Directory Basics: Demonstrate Your Skills

Secure Testing: SQL Injection