Forum Discussion

nehachawla's avatar
nehachawla
Icon for Bronze I rankBronze I
9 months ago
Solved

Practical Malware Analysis: Static Analysis

I am stuck with question 12th and 20th of this lab .Could you please help. 12.What's the new name of the variable that references InternetOpenURL after changing the function signature? (Hint: The or...
  • jamesstammers's avatar
    9 months ago

    Hello,

    So for Q.12, before you change the function signatures, the decompiler will read:
    iVar2 = InternetOpenURL..... etc.

    After you've followed the instructions in the briefing panel, it will change to read:

    <something> = InternetOpenUrl......

    For Q.20, once you have found the correct function from the previous questions, follow the last bit of information in the briefing panel and copy it on a different function signature within that same function (albeit very similar to the example in the brief!). Look for any legitimate sounding executable names.

    Hope that helps!