Forum Discussion

Bronze I

5 months ago

Practical Malware Analysis: Static Analysis

I am stuck with question 12th and 20th of this lab .Could you please help. 12.What's the new name of the variable that references InternetOpenURL after changing the function signature? (Hint: The or...

defensive cyber

jamesstammers

Bronze II

5 months ago

Hello,

So for Q.12, before you change the function signatures, the decompiler will read:
iVar2 = InternetOpenURL..... etc.

After you've followed the instructions in the briefing panel, it will change to read:

<something> = InternetOpenUrl......

For Q.20, once you have found the correct function from the previous questions, follow the last bit of information in the briefing panel and copy it on a different function signature within that same function (albeit very similar to the example in the brief!). Look for any legitimate sounding executable names.

Hope that helps!

Forum Discussion

Practical Malware Analysis: Static Analysis

Featured Places

Help & Support Forum

Related Content

Practical Malware Analysis: Static Analysis question 18

Practical Malware Analysis: Static Analysis question 19

Practical Malware Analysis: .NET Encryption and Encoding

Malicious Document Analysis: Dropper Analysis

Help with "Log Analysis: Web Log Analysis"

Recent Discussions

Hack Your First Web App: Ep.4 Missing Cookie

It seems correct answer is not accepted.

Help with Introduction to Python Scripting: Ep.7 – Demonstrate Your Skills

Privilege Escalation: Windows – Finding Passwords

Microsoft Defender for Cloud: Inventory, Resource Health and Recommendations.