Forum Discussion

nehachawla's avatar
nehachawla
Icon for Bronze I rankBronze I
9 months ago
Solved

Practical Malware Analysis: Static Analysis

I am stuck with question 12th and 20th of this lab .Could you please help. 12.What's the new name of the variable that references InternetOpenURL after changing the function signature? (Hint: The or...
defensive cyber
  • jamesstammers's avatar
    jamesstammers
    9 months ago

    Hello,

    So for Q.12, before you change the function signatures, the decompiler will read:
    iVar2 = InternetOpenURL..... etc.

    After you've followed the instructions in the briefing panel, it will change to read:

    <something> = InternetOpenUrl......

    For Q.20, once you have found the correct function from the previous questions, follow the last bit of information in the briefing panel and copy it on a different function signature within that same function (albeit very similar to the example in the brief!). Look for any legitimate sounding executable names.

    Hope that helps!

jamesstammers's avatar
jamesstammers
Icon for Bronze III rankBronze III
9 months ago

Hello,

So for Q.12, before you change the function signatures, the decompiler will read:
iVar2 = InternetOpenURL..... etc.

After you've followed the instructions in the briefing panel, it will change to read:

<something> = InternetOpenUrl......

For Q.20, once you have found the correct function from the previous questions, follow the last bit of information in the briefing panel and copy it on a different function signature within that same function (albeit very similar to the example in the brief!). Look for any legitimate sounding executable names.

Hope that helps!