malware analysis
Question Description
- Identify any 4 common dynamic linked libraries (DLLs) in Windows OS? What functionality is in the DLLs that you have selected? (5pts)
- What measures would you take to harden your virtual machine to safeguard it from malware infection? (5 pts)
- Attempt Lab in Chapter 1. The lab is section 1-4 in the malware analysis text book. For this lab, I am interested in how you get the final outcome or result and what it means. Provide evidence in form screenshots on how you obtain your findings in order to get full points. The final result is only worth half a point if it lacks a methodology and explanation of findings (20pts)
- these are the malicious files files for the activity. Open these files from a hardened virtual machine (VM). You can use VirtualBox or VMWare to create an Ubuntu Linux VM.
- You can install a Linux windows emulator called wine ie sudo apt-get install wine. To run a windows execute like strings.exe from the terminal using wine, the command will be: wine strings.exe some-malicious-file.exe If this too complicated, you can also use IDAPro. It runs very well on Linux.
ـــــــــــــ
Attempt Lab in Chapter 1. The lab is section 1-4 in the malware analysis textbook. For this lab, I am interested in how you get the final outcome or result and what it means. Provide evidence in form screenshots on how you obtain your findings in order to get full points.The final result is only worth half a point if it lacks a methodology and explanation of findings (20pts)these are the malicious files files for the activity .Open these files from a hardened virtual machine (VM).You can use VirtualBox or VMWare to create an Ubuntu Linux VM.You can install a Linux windows emulator called wine ie sudo apt-get install wine.To run a windows execute like strings.exe from the terminal using wine, the command will be: wine strings.exe some-malicious-file.exe If this too complicated, you can also use IDAPro. It runs very well on Linux.The lab is section 1-4Lab 1-4Analyze the file Lab01-04.exe.Questions1. Upload the Lab01-04.exe file to http://www.VirusTotal.com/. Does it matchany existing antivirus definitions?2. Are there any indications that this file is packed or obfuscated? If so,what are these indicators? If the file is packed, unpack it if possible.3. When was this program compiled?4. Do any imports hint at this program’s functionality? If so, which importsare they and what do they tell you?5. What host- or network-based indicators could be used to identify thismalware on infected machines?6. This file has one resource in the resource section. Use Resource Hackerto examine that resource, and then use it to extract the resource. Whatcan you learn from the resource?
Have a similar assignment? "Place an order for your assignment and have exceptional work written by our team of experts, guaranteeing you A results."