Complete all the steps mentioned in the PDF attached document.
Submission Requirements:
Format: Microsoft Word
Font: Arial, 12-Point, Double-Space
Citation Style: APA
Length: Minimum of 3 pages (excluding title page and bibliography).
Microsoft Word - Project part 3_ Analyzing Malicious Windows Programs.doc Project Part 3: Analyzing Malicious Windows Programs What you need: A Windows machine, real or virtual with IDA Pro installed. Refer to Lab 7-1 instructions & solutions in "Practical Malware Analysis" textbook chapter 7. Purpose You will practice the techniques in chapter 7. You should already have the lab files, but if you don't, do this: Downloading the Lab Files In a Web browser, go here: http://practicalmalwareanalysis.com/labs/ Download and unzip the lab files. Downloading and Installing IDA Pro In your Windows machine, open a Web browser and go to https://www.hex-rays.com/products/ida/support/download_freeware.shtml Download "IDA Freeware" and install it. Analyzing the Malware Follow the instructions for Lab 7-1 in the textbook. There are more detailed solutions in the back of the book. Open and analyze the malware found in the file Lab07-01.exe using IDA Pro. 1. Answer all the questions (Q1 to Q6) found in Lab 7-1 in your own words. 2. This malware uses a function named StartAddress to perform a DDoS attack. When answering question 4 in Lab 7-1, you find the user agent it uses to perform the attack, and the URL it will attack. Save a screen capture of the IDA Pro screen showing those two values, as shown below (with the important items grayed out). 3. You will see these features: A persistence mechanism A mutex A host-based signature A network-based signature Explain the above terms briefly in the context of this lab assignment. Deliverables: Please complete all steps mentioned in this document, and submit the lab report on Canvas. Make sure to capture screenshots for all steps and paste them in your lab report (word document). Microsoft Word - Project part 3_ Analyzing Malicious Windows Programs.doc Project Part 3: Analyzing Malicious Windows Programs What you need: A Windows machine, real or virtual with IDA Pro installed. Refer to Lab 7-1 instructions & solutions in "Practical Malware Analysis" textbook chapter 7. Purpose You will practice the techniques in chapter 7. You should already have the lab files, but if you don't, do this: Downloading the Lab Files In a Web browser, go here: http://practicalmalwareanalysis.com/labs/ Download and unzip the lab files. Downloading and Installing IDA Pro In your Windows machine, open a Web browser and go to https://www.hex-rays.com/products/ida/support/download_freeware.shtml Download "IDA Freeware" and install it. Analyzing the Malware Follow the instructions for Lab 7-1 in the textbook. There are more detailed solutions in the back of the book. Open and analyze the malware found in the file Lab07-01.exe using IDA Pro. 1. Answer all the questions (Q1 to Q6) found in Lab 7-1 in your own words. 2. This malware uses a function named StartAddress to perform a DDoS attack. When answering question 4 in Lab 7-1, you find the user agent it uses to perform the attack, and the URL it will attack. Save a screen capture of the IDA Pro screen showing those two values, as shown below (with the important items grayed out). 3. You will see these features: A persistence mechanism A mutex A host-based signature A network-based signature Explain the above terms briefly in the context of this lab assignment. Deliverables: Please complete all steps mentioned in this document, and submit the lab report on Canvas. Make sure to capture screenshots for all steps and paste them in your lab report (word document). www.it-ebooks.info http://www.it-ebooks.info/ PRAISE FOR PRACTICAL MALWARE ANALYSIS “An excellent crash course in malware analysis.” —Dino Dai Zovi, INDEPENDENT SECURITY CONSULTANT “. . . the most comprehensive guide to analysis of malware, offering detailed coverage of all the essential skills required to understand the specific challenges presented by modern malware.” —Chris Eagle, SENIOR LECTURER OF COMPUTER SCIENCE, NAVAL POSTGRADUATE SCHOOL “A hands-on introduction to malware analysis. I'd recommend it to anyone who wants to dissect Windows malware.” —Ilfak Guilfanov, CREATOR OF IDA PRO “. . . a great introduction to malware analysis. All chapters contain detailed technical explanations and hands-on lab exercises to get you immediate exposure to real malware.” —Sebastian Porst, GOOGLE SOFTWARE ENGINEER “. . . brings reverse-engineering to readers of all skill levels. Technically rich and accessible, the labs will lead you to a deeper understanding of the art and science of reverse-engineering. I strongly recommend this book for beginners and experts alike.” —Danny Quist, PHD, FOUNDER OF OFFENSIVE COMPUTING “If you only read one malware book or are looking to break into the world of malware analysis, this is the book to get.” —Patrick Engbretson, IA PROFESSOR, DAKOTA STATE UNIVERSITY AND AUTHOR OF The Basics of Hacking and Pen Testing “. . . an excellent addition to the course materials for an advanced graduate level course on Software Security or Intrusion Detection Systems. The labs are especially useful to students in teaching the methods to reverse-engineer, analyze, and understand malicious software.” —Sal Stolfo, PROFESSOR, COLUMBIA UNIVERSITY www.it-ebooks.info http://www.it-ebooks.info/ This in th unkn For anal is a book about malware. The links and software described is book are malicious. Exercise extreme caution when executing own code and visiting untrusted URLs. hints about creating a safe virtualized environment for malware ysis, visit Chapter 2. Don’t be stupid; secure your environment. WARNING www.it-ebooks.info http://www.it-ebooks.info/ PRACTICAL MALWARE ANALYSIS T h e H a n d s - O n G u i d e t o D i s s e c t i n g M a l i c i o u s S o f t w a r e by Michael Sikorski and Andrew Honig San Francisco www.it-ebooks.info http://www.it-ebooks.info/ PRACTICAL MALWARE ANALYSIS. Copyright © 2012 by Michael Sikorski and Andrew Honig. All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher. 16 15 14 13 12 1 2 3 4 5 6 7 8 9 ISBN-10: 1-59327-290-1 ISBN-13: 978-1-59327-290-6 Publisher: William Pollock Production Editor: Alison Law Cover Illustration: Hugh D’Andrade Interior Design: Octopod Studios Developmental Editors: William Pollock and Tyler Ortman Technical Reviewer: Stephen Lawler Copyeditor: Marilyn Smith Compositor: Riley Hoffman Proofreader: Irene Barnard Indexer: Nancy Guenther For information on book distributors or translations, please contact No Starch Press, Inc. directly: No Starch Press, Inc. 38 Ringold Street, San Francisco, CA 94103 phone: 415.863.9900; fax: 415.863.9950;
[email protected]; www.nostarch.com Library of Congress Cataloging-in-Publication Data A catalog record of this book is available from the Library of Congress. No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark. The information in this book is distributed on an “As Is” basis, without warranty. While every precaution has been taken in the preparation of this work, neither the authors nor No Starch Press, Inc. shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it. www.it-ebooks.info http://www.it-ebooks.info/ B R I E F C O N T E N T S About the Authors .........................................................................................................xix Foreword by Richard Bejtlich .......................................................