Forum Discussion
Practical Malware Analysis: Static Analysis
- 9 months ago
Hello,
So for Q.12, before you change the function signatures, the decompiler will read:
iVar2 = InternetOpenURL..... etc.After you've followed the instructions in the briefing panel, it will change to read:
<something> = InternetOpenUrl......
For Q.20, once you have found the correct function from the previous questions, follow the last bit of information in the briefing panel and copy it on a different function signature within that same function (albeit very similar to the example in the brief!). Look for any legitimate sounding executable names.
Hope that helps!
Hello,
So for Q.12, before you change the function signatures, the decompiler will read:
iVar2 = InternetOpenURL..... etc.
After you've followed the instructions in the briefing panel, it will change to read:
<something> = InternetOpenUrl......
For Q.20, once you have found the correct function from the previous questions, follow the last bit of information in the briefing panel and copy it on a different function signature within that same function (albeit very similar to the example in the brief!). Look for any legitimate sounding executable names.
Hope that helps!