Forum Discussion

Bronze I

21 days ago

Practical Malware Analysis: Static Analysis

I am stuck with question 12th and 20th of this lab .Could you please help. 12.What's the new name of the variable that references InternetOpenURL after changing the function signature? (Hint: The or...

defensive cyber

jamesstammers

Bronze II

21 days ago

Hello,

So for Q.12, before you change the function signatures, the decompiler will read:
iVar2 = InternetOpenURL..... etc.

After you've followed the instructions in the briefing panel, it will change to read:

<something> = InternetOpenUrl......

For Q.20, once you have found the correct function from the previous questions, follow the last bit of information in the briefing panel and copy it on a different function signature within that same function (albeit very similar to the example in the brief!). Look for any legitimate sounding executable names.

Hope that helps!

Forum Discussion

Practical Malware Analysis: Static Analysis

Related Content

Practical Malware Analysis: .NET Encryption and Encoding

Malicious Document Analysis: Dropper Analysis

Malware Analysis: Shlayer

Malicious Document Analysis: Dropper Analysis

Foundational Static Analysis: Analyzing Structures

Recent Discussions

SOAR: Demonstrate Your Skills

Zeek Ep 4 Scripting

Measuring Cyber Resilience: What's the Key Metric?

Malware Analysis: Shlayer

Web Log Analysis: Ep.5 – Searching Web Server Logs using Linux CLI