Forum Discussion

Bronze II

4 months ago

Solved

Practical Malware Analysis: Static Analysis question 18

for finding the exact name of the executable file. After dynamically overriding the function as shown in the briefing I cant seem to find any meaningful creation of the filename matching the p...

defensive cyber

help & support

immersive labs

CyberSharpe
3 months ago
You're seeing Microsoft Security Centre in your string. You want a file name that is trying to mimic Security Centre... famously in WannaCry.

Its also right in your C code you posted. Use the first 4 letters of that in strings and I bet you have the file name.

netcat

Silver III

4 months ago

The question is "What is the exact name of the executable file this malware adopts", and I can't see how this could be related to sprintf. The solution is right under your nose.

kevinh

Bronze II

4 months ago

for some reason typing in the variations of "s_%s_%s_security_00431330" does not seem to do anything? sprintf overriding is based on the brief to get the more accurate binary information. but the contents and variables directly from the sprintf seems to be wrong. where should I be going from the analyzing the function call, as the variables found are displayed as incorrect?

Forum Discussion

Practical Malware Analysis: Static Analysis question 18

Featured Places

Help & Support Forum

Related Content

Practical Malware Analysis: Static Analysis question 19

Practical Malware Analysis: .NET Encryption and Encoding

Malicious Document Analysis: Dropper Analysis

Help with Foundational Static Analysis: 64-Bit Analysis

Help with "Log Analysis: Web Log Analysis"

Recent Discussions

Foundational Static Analysis: API Analysis step 10

copy-paste-compromise-malicious-documents-analysis

Brute Ratel: Extracting Indicators of Compromise

Microsoft Defender for Cloud: Inventory, Resource Health and Recommendations.

Snort Rules: Ep.9 – Exploit Kits