Analyze malware in a safe environment

Reference no: EM132476922

File Triage

Write-Up:

Problem #1) Section Names

Analyze the data in sections_report.csv. Recall that in the PE format, sections can be named anything, but there are some normal naming conventions we'd expect to see most of the time. High entropy in data can mean it is highly random (e.g. encrypted) or contains a dense amount of information (e.g. machine code). Look through the sections report to identify unexpected section names that also have high entropy (e.g. > 6). Expected section names would be things like .text, .itext, .rsrc, .reloc.

Research the unexpected section names and provide a few sentences about what these section names indicate and what that means for our analysis of those files if we need to go deeper.

Problem #2) Large Physical / Virtual Size Differences

Look for files in sections_report.csv that have a physical size of 0 bytes and a large virtual size (e.g. > 1000 bytes).

Part a) Which files do you see that have this characteristic? Are they in the malware, sysinternals, or windows directory? What does this characteristic likely indicate for malware analysis?

Part b) These files all have the same MD5 value for their section. Google this hash value: why do they all have the same MD5 for the data in the sections listed?
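An added triage script for Problems 1 and 2 (example code, not part of the assignment package). The layout of sections_report.csv is not given in the assignment, so the column names file, section, entropy, raw_size, virtual_size and md5 are assumed and the rows are constructed; the entropy function shows how the report's entropy figure is obtained, and the MD5 helper shows what every zero-byte section hashes to.

```python
"""Section triage for Problems 1 and 2. Added example, not the assignment's own tooling.
The sections_report.csv layout is not given, so the column names below are assumed
and the CSV content is constructed."""
import csv
import hashlib
import io
import math

EXPECTED_SECTIONS = {".text", ".itext", ".rsrc", ".reloc", ".data", ".rdata", ".idata", ".bss", ".tls"}
ENTROPY_THRESHOLD = 6.0       # bits per byte; 8.0 is the maximum possible
VIRTUAL_SIZE_THRESHOLD = 1000

# Constructed sample report; columns are assumed, section names and hashes are made up.
SAMPLE_REPORT = """file,section,entropy,raw_size,virtual_size,md5
malware/sample_a.exe,UPX0,0.00,0,98304,d41d8cd98f00b204e9800998ecf8427e
malware/sample_a.exe,UPX1,7.87,61440,61440,1ac0e5a3c4b1d2e7f6a8b9c0d1e2f3a4
malware/sample_a.exe,.rsrc,4.12,4096,3812,5e8d1c2b3a4f5e6d7c8b9a0f1e2d3c4b
windows/sample_b.exe,.text,6.31,40960,40832,9f8e7d6c5b4a39281706f5e4d3c2b1a0
windows/sample_b.exe,.bss,0.00,0,2048,d41d8cd98f00b204e9800998ecf8427e
sysinternals/sample_c.exe,.text,6.02,204800,204512,0a1b2c3d4e5f60718293a4b5c6d7e8f9
"""

def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0 for constant data, 8 for uniformly random bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def load_report(text: str) -> list:
    return list(csv.DictReader(io.StringIO(text)))

def unexpected_high_entropy(rows) -> list:
    """Problem 1: unexpected section names whose entropy exceeds the threshold."""
    return [(r["file"], r["section"], float(r["entropy"])) for r in rows
            if r["section"] not in EXPECTED_SECTIONS and float(r["entropy"]) > ENTROPY_THRESHOLD]

def zero_raw_large_virtual(rows) -> list:
    """Problem 2: sections with no data on disk but a large in-memory footprint."""
    return [(r["file"], r["section"], int(r["virtual_size"]), r["md5"]) for r in rows
            if int(r["raw_size"]) == 0 and int(r["virtual_size"]) > VIRTUAL_SIZE_THRESHOLD]

def empty_data_md5() -> str:
    """MD5 of zero bytes: every section with raw_size 0 hashes to this same value."""
    return hashlib.md5(b"").hexdigest()
```

Note that the size check also catches a legitimate uninitialised-data section such as .bss, so the directory a hit comes from and its section name still have to be weighed together.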

Problem 3) Imported Libraries and Functions Frequency

Part a) Looking at file_summary_report.csv, which files have the same number of imported libraries as the number of imported functions?

Part b) Provide the imphash of these files. Research the library and function names that those files share in common. What does it tell you?

Problem 4) Imported Libraries and Function Capability

Part a) There are many libraries and functions in Appendix A in our Practical Malware Analysis book. How many files contain the function "peeknamedpipe"? Which files have this as an import?

Part b) Look the file(s) up on VirusTotal. Based on what this function allows a binary to do and based on the "Detection" results from VirusTotal, what is your best guess as to what kind of malware this binary might be? In other words, what is the goal of this type of malware? Feel free to do additional online research and read about this function in Appendix A. Justify your answer.

Part c) What directory was this file(s) found in? Is it malware we already knew or is it something new we need to inform the Incident Handler about? Justify your position.

Part d) Looking a little deeper, what is the compile time for the file(s), and what is the "First Submission" date for this file on VirusTotal? Do you trust the compile time? Why or why not?

Problem 5) Imported Libraries and Function Capability

Part a) There are two binaries that import exactly 4 functions. Which files are they and what are the four imported functions?

Part b) What other binaries do you see that import the same 4 functions?

Part c) Feel free to do some research on VirusTotal, but just looking at the file names and knowing the capability the four functions provide, which two file names make the least sense to import these functions and why?
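A companion script for Problems 3, 4a and 5a, added here as an example rather than anything from the assignment package. It computes imphash the way pefile does (lowercased library name with its .dll/.ocx/.sys extension removed, joined to the lowercased function name, entries comma-separated in import order, then MD5) and runs the three import-count checks over a constructed import table; the file names and import lists are made up, and ordinal-only imports, which pefile resolves through its ordinal lookup table, are not handled.

```python
# Import triage for Problems 3, 4a and 5a. Added example; the import lists are
# constructed and are not taken from the assignment's files.
import hashlib

# Constructed sample: file path -> list of (library, function) imports.
SAMPLE_IMPORTS = {
    "malware/sample_a.exe": [("KERNEL32.dll", "PeekNamedPipe"), ("KERNEL32.dll", "ReadFile"),
                             ("KERNEL32.dll", "CloseHandle"), ("USER32.dll", "MessageBoxA")],
    "malware/sample_b.exe": [("KERNEL32.dll", "LoadLibraryA"), ("KERNEL32.dll", "GetProcAddress"),
                             ("KERNEL32.dll", "VirtualAlloc"), ("KERNEL32.dll", "ExitProcess")],
    "malware/sample_e.exe": [("kernel32.DLL", "LoadLibraryA"), ("kernel32.DLL", "GetProcAddress"),
                             ("kernel32.DLL", "VirtualAlloc"), ("kernel32.DLL", "ExitProcess")],
    "sysinternals/sample_c.exe": [("KERNEL32.dll", "ExitProcess"), ("USER32.dll", "MessageBoxA")],
    "windows/sample_d.exe": [("KERNEL32.dll", "PeekNamedPipe"), ("ADVAPI32.dll", "RegOpenKeyExA"),
                             ("ADVAPI32.dll", "RegQueryValueExA")],
}

def imphash_string(imports):
    """The string pefile hashes: 'lib.func' per import, lowercased, library extension
    stripped, comma-joined in import order (so reordering imports changes the hash)."""
    parts = []
    for lib, func in imports:
        lib = lib.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[:-len(ext)]
        parts.append(f"{lib}.{func.lower()}")
    return ",".join(parts)

def imphash(imports):
    """MD5 of the import string; files built from the same import table share it."""
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()

def same_library_and_function_count(files):
    """Problem 3a: files whose distinct library count equals their function count."""
    return sorted(f for f, imps in files.items()
                  if len({lib.lower() for lib, _ in imps}) == len(imps))

def files_importing(files, function_name):
    """Problem 4a: files importing the named function (case-insensitive)."""
    name = function_name.lower()
    return sorted(f for f, imps in files.items() if any(fn.lower() == name for _, fn in imps))

def files_with_function_count(files, n):
    """Problem 5a: files that import exactly n functions."""
    return sorted(f for f, imps in files.items() if len(imps) == n)

if __name__ == "__main__":
    for f in files_with_function_count(SAMPLE_IMPORTS, 4):
        print(f, imphash(SAMPLE_IMPORTS[f]))
```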

Attachment:- File Triage.rar
