Practical Malware Analysis: Static Analysis question 19
For what native Microsoft service is this malware trying to masquerade as, with a legitimate-seeming name and a reference to a file path that can be used for persistence? For some reason, when typing down the Microsoft Security Center (2.0) Service name, and the info gained from
and the registry path HKCU\Software\Microsoft\Windows\CurrentVersion\Run\, it keeps saying that it is wrong. I am wondering what format they are expecting for an answer, or if I am using the wrong name, as mssecsvc2.0 is also wrong.
Hey mate, you're looking in the wrong area. Go back to question 15 and see the two functions it calls. The top one is the answer I assisted with before, but the second function is where you need to be looking.
Then follow the briefing panel to conduct a function override; once this is done, it'll show you the correct path.
It's the full file path it wants.