COSC 5330 Malware Analysis - Sam Houston State University
It turns out that I've grown tired of grading the assignments for this course. To this end, I've come up with a challenge which will resolve this. I have designed a Cryptovirus (also called Ransomware) which will encrypt your hard drive using strong RSA-2048 and AES-256 cryptographic protocols. You can find a lot of information about these new breeds of malware
I don't want a ransom of course. I merely do not want to grade the assignments! So, encrypting your drives will solve this predicament. However, we have an agreement - I would like you to solve a few simple "puzzles" I have created before unleashing this vicious malware on your systems. Furthermore, I promise not to destroy your machines if you solve these puzzles and let me know by the deadline. You can accomplish this by uploading your solutions to Blackboard by the deadline, and rest assured that the malware will be safely terminated if and only if I am completely convinced that you have truly solved these challenges. To this end, I strongly recommend that you start working on this task before your time expires. Your mission is to solve these puzzles and neutralize this virus before the due date. Good luck!
For instance:
1. This current executable does not have any debug symbols.
2. You will need to identify whether this executable was compiled using gcc, Visual Studio, Borland or some other compiler, and which calling convention was used by the compiler - cdecl, stdcall or fastcall.
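The two identification tasks above (toolchain and calling convention) can be partly automated before opening the debugger. The following script is an added illustration, not part of the assignment or its attachment: it checks a PE image for a few well-known toolchain tells (the `Rich` header that Microsoft's linker writes between the DOS stub and the PE header, the `GCC: (GNU)` version string gcc leaves behind, and Borland's `CODE`/`DATA` section names) and classifies a function body by its final return opcode (`ret imm16` means the callee pops its arguments, as in stdcall; a bare `ret` leaves cleanup to the caller, as in cdecl). The `MARKERS` list and the sample blobs are constructed for the demonstration; real triage relies on much larger signature sets and on confirming register usage in IDA or Olly, since a fastcall routine whose arguments all fit in ECX/EDX also ends in a bare `ret`.

```python
"""Toolchain and calling-convention hints from a PE image (educational heuristics)."""
import struct

# Plain-text markers that compilers/linkers commonly leave in an image, and the
# toolchain family they suggest. Constructed list for this example; real triage
# uses far larger signature databases and the Rich header's tool entries.
MARKERS = [
    (b"GCC: (GNU)", "gcc"),
    (b"mingw", "gcc (MinGW)"),
    (b"Borland", "Borland"),
    (b"Turbo C", "Borland"),
]


def e_lfanew(pe: bytes) -> int:
    """Offset of the 'PE\\0\\0' signature, read from the DOS header at 0x3C."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    return struct.unpack_from("<I", pe, 0x3C)[0]


def has_rich_header(pe: bytes) -> bool:
    """Microsoft's link.exe emits a 'Rich' header between the DOS stub and the PE
    header; its last fields are the literal b'Rich' plus a 4-byte XOR key.
    Finding 'Rich' in that gap is a strong (not infallible) MSVC indicator."""
    return b"Rich" in pe[0x40:e_lfanew(pe)]


def section_names(pe: bytes) -> list:
    """Walk the COFF header and section table, returning the section names."""
    off = e_lfanew(pe)
    if pe[off:off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = off + 4
    nsect = struct.unpack_from("<H", pe, coff + 2)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]   # SizeOfOptionalHeader
    table = coff + 20 + opt_size        # section table follows the optional header
    names = []
    for i in range(nsect):
        raw = pe[table + 40 * i: table + 40 * i + 8]   # 40-byte entries, 8-byte name first
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def identify_compiler(pe: bytes) -> list:
    """Return the sorted set of toolchain families the heuristics point to."""
    hits = set()
    if has_rich_header(pe):
        hits.add("msvc")
    # Borland's linker names its sections CODE/DATA rather than .text/.data.
    if {"CODE", "DATA"} <= set(section_names(pe)):
        hits.add("Borland")
    for marker, family in MARKERS:
        if marker in pe:
            hits.add(family)
    return sorted(hits) or ["unknown"]


def stack_cleanup(func: bytes):
    """Classify a function body by its final near-return opcode.
    C2 lo hi (`ret imm16`): the callee pops its own arguments (stdcall, or fastcall
    with stack-spilled arguments).  C3 (`ret`): cleanup is left to the caller, the
    cdecl pattern (expect `add esp, N` after the call site).  A fastcall routine whose
    arguments all fit in ECX/EDX also ends in C3, so check register use before
    concluding cdecl."""
    if len(func) >= 3 and func[-3] == 0xC2:
        return ("callee", struct.unpack_from("<H", func, len(func) - 2)[0])
    if func and func[-1] == 0xC3:
        return ("caller", 0)
    raise ValueError("body does not end in a near return")


def make_pe(sections, stub_extra=b"", body=b"") -> bytes:
    """Build a minimal, constructed PE-shaped blob for testing (not a loadable image)."""
    sig_off = 0x40 + len(stub_extra)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", sig_off)
    # COFF header: Machine=i386, NumberOfSections, no optional header (size 0).
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    table = b"".join(name.encode().ljust(8, b"\0") + b"\0" * 32 for name in sections)
    return dos + stub_extra + b"PE\0\0" + coff + table + body


# Constructed samples standing in for the three toolchains named in the assignment.
SAMPLE_GCC = make_pe([".text", ".data"], body=b"GCC: (GNU) 9.3.0\0")
SAMPLE_MSVC = make_pe([".text", ".rdata"], stub_extra=b"\x11" * 16 + b"Rich" + b"\xaa\xbb\xcc\xdd")
SAMPLE_BORLAND = make_pe(["CODE", "DATA", "BSS"])
SAMPLE_UNKNOWN = make_pe([".text"])

# Constructed x86 bodies: push ebp / mov ebp,esp / mov eax,[ebp+8] / pop ebp / ret ...
CDECL_BODY = bytes.fromhex("55 89E5 8B4508 5D C3")
STDCALL_BODY = bytes.fromhex("55 89E5 8B4508 5D C2 0400")  # ret 4: callee pops one dword

if __name__ == "__main__":
    for label, blob in [("gcc", SAMPLE_GCC), ("msvc", SAMPLE_MSVC), ("borland", SAMPLE_BORLAND)]:
        print(label, identify_compiler(blob))
    print(stack_cleanup(CDECL_BODY), stack_cleanup(STDCALL_BODY))
```

Run against a real sample, `identify_compiler(open("sample.exe", "rb").read())` narrows the toolchain question before you reach the disassembler, and `stack_cleanup` applied to the exact byte range of a function (as reported by IDA or Olly) settles who cleans the stack; the register-argument check that separates fastcall from cdecl still has to be made by reading the function's first instructions.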
So, naturally, this assignment is more challenging than the earlier ones, and rightfully so! However, now you have new tools in your arsenal, including the Olly debugger, which should help a lot! I have assumed the following in designing this assignment:
1. You have spent a good amount of time mastering Olly, have watched several YouTube video tutorials, and have thoroughly read the chapters assigned in this week's reading.
2. You have solved the lab exercises at the end of most, if not all, chapters in the books thus far.
3. You have a thorough mastery of IDA Pro, Olly and the other basic static and dynamic tools that we have explored in the book and assignments thus far.
4. You are confident in creating snapshots of your virtual machine and utilizing all the important features of VirtualBox to your advantage.
5. You have a good understanding of C, are comfortable with reading and writing C code, and understand the different constructs of a typical C program. For instance, this assignment uses several C constructs which you are expected not only to understand, but to recognize on the fly as you are working through the assignment. To this end, please re-read the appropriate chapters in the book if needed.
6. You have solved all the assignments thus far and have ensured that you understand everything that the past assignments have entailed.
7. You have a healthy level of curiosity and the ability and willingness to work hard to solve the challenges thrown at you.
8. Above all, you are able to smartly identify what your objective is and not get bogged down in minutiae and unnecessary detail that doesn't help you reach your desired goals.
This course and the techniques you learn in it should put you on firm footing not only for malware analysis but, more generally, for reverse engineering, security flow analysis, memory integrity analysis, the general principles of digital forensics, security testing, network signature generation, intrusion detection, vulnerability analysis, software exploits, etc.
Attachment: Malware Analysis.rar