Practical Malware Analysis: Static Analysis question 18

Question

for finding the exact name of the executable file.

After dynamically overriding the function as shown in the briefing

I cant seem to find any meaningful creation of the filename matching the patter provided in sprintf.

I am wondering if I should be overriding a different function? as I cant seem to find any meaningful leads when searching for references or traveling to the next data.

I also cant seem to find any leads from searching specifically for local_104 and unaff_EDI references as well.

netcat · Accepted Answer

The question is "What is the exact name of the executable file this malware adopts", and I can't see how this could be related to sprintf. The solution is right under your nose.

Forum Discussion

Practical Malware Analysis: Static Analysis question 18

1 Reply

Featured Places

Help & Support Forum

Related Content

Practical Malware Analysis: .NET Encryption and Encoding

Malicious Document Analysis: Dropper Analysis

Help with "Log Analysis: Web Log Analysis"

Malware Analysis: Shlayer

Malicious Document Analysis: Dropper Analysis

Recent Discussions

Powershell Deobsfuscation Ep.7

Windows Basics: Ep.3 – Registry Roadblock

Practical Malware Analysis: Static Analysis question 18

CVE-2019-1388 (Windows Priv Esc UAC Bypass) question 4

Infrastructure Hacking: Responder Network Poisoning