Analyze malware in a safe environment

Reference no: EM132476922

File Triage


Write-Up:

Problem #1) Section Names

Analyze the data in the sections_report.csv. Recall that in the PE format, the sections can be named anything, but there are some normal naming conventions we'd expect to see most of the time. High entropy in data can mean it is highly random (e.g. encrypted) or contains a dense amount of information (e.g. machine code). Look through the sections report to identify unexpected section names that also have high entropy (e.g. > 6). Expected section names would be things like .text, .itext, .rsrc, .reloc.

Research the unexpected section names and provide a few sentences about what these section names indicate and what that means for our analysis of those files if we need to go deeper.

Problem #2) Large Physical / Virtual Size Differences

Look for files in sections_report.csv that have a physical size of 0 bytes and a large virtual size (e.g. > 1000 bytes).

Part a) Which files do you see that have this characteristic? Are they in the malware, sysinternals, or windows directory? What does this characteristic likely indicate for malware analysis?

Part b) These files all have the same MD5 value for their section. Google this hash value. Why do they all have the same MD5 for the data in the sections listed?
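The checks Problems 1 and 2 ask for can be scripted rather than eyeballed. The following is an added example, not part of the assignment or its archive: it computes Shannon entropy the way section-report tools do, then runs over a constructed stand-in for sections_report.csv (the column names, file names and hash values are assumptions) to list unexpected high-entropy sections, sections with zero physical size but a large virtual size, and whether those sections' MD5 is the MD5 of empty input.

```python
import csv
import hashlib
import io
import math
from collections import Counter

# Section names routinely emitted by mainstream compilers and linkers.
# Assumed baseline for this example; extend it for the toolchains you see.
EXPECTED_SECTIONS = {
    ".text", ".itext", ".data", ".rdata", ".idata", ".edata", ".pdata",
    ".rsrc", ".reloc", ".bss", ".tls", ".CRT",
}

# MD5 of zero bytes of input: what a hashing tool reports for a section
# that has no raw data on disk.
EMPTY_MD5 = hashlib.md5(b"").hexdigest()

# Constructed stand-in for sections_report.csv (not data from the assignment archive;
# the non-empty-section hashes are placeholders).
SECTIONS_REPORT = """\
file,directory,section,physical_size,virtual_size,entropy,md5
procexp.exe,sysinternals,.text,425984,425700,6.31,0123456789abcdef0123456789abcdef
procexp.exe,sysinternals,.rsrc,65536,65200,3.94,123456789abcdef0123456789abcdef0
notepad.exe,windows,.text,204800,204512,6.12,23456789abcdef0123456789abcdef01
notepad.exe,windows,.bss,0,4096,0.00,d41d8cd98f00b204e9800998ecf8427e
sample1.exe,malware,UPX0,0,98304,0.00,d41d8cd98f00b204e9800998ecf8427e
sample1.exe,malware,UPX1,61440,61300,7.85,3456789abcdef0123456789abcdef012
sample2.exe,malware,.xyz,51200,50176,7.21,456789abcdef0123456789abcdef0123
sample2.exe,malware,.data,0,16384,0.00,d41d8cd98f00b204e9800998ecf8427e
"""


def shannon_entropy(data):
    """Shannon entropy in bits per byte: 0.0 for a single repeated byte,
    8.0 when all 256 byte values are equally frequent."""
    if not data:
        return 0.0
    counts = Counter(data)
    total = len(data)
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def parse_sections_report(text):
    """Read the CSV and convert the numeric columns."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["physical_size"] = int(row["physical_size"])
        row["virtual_size"] = int(row["virtual_size"])
        row["entropy"] = float(row["entropy"])
        rows.append(row)
    return rows


def unexpected_high_entropy(rows, threshold=6.0):
    """Problem 1: section names outside the expected set whose entropy exceeds the threshold."""
    return sorted(
        (r["file"], r["section"], r["entropy"])
        for r in rows
        if r["section"] not in EXPECTED_SECTIONS and r["entropy"] > threshold
    )


def zero_physical_large_virtual(rows, min_virtual=1000):
    """Problem 2a: sections with no raw bytes on disk but a large in-memory footprint."""
    return sorted(
        (r["file"], r["directory"], r["section"], r["virtual_size"], r["md5"])
        for r in rows
        if r["physical_size"] == 0 and r["virtual_size"] > min_virtual
    )


def directories_of(flagged):
    """Which of the malware / sysinternals / windows directories the flagged files live in."""
    return sorted({f[1] for f in flagged})


def all_hash_empty_input(flagged):
    """Problem 2b: a section with physical size 0 contributes no bytes to the hash,
    so every such section reports the MD5 of empty input."""
    return all(f[4] == EMPTY_MD5 for f in flagged)


if __name__ == "__main__":
    rows = parse_sections_report(SECTIONS_REPORT)
    print("unexpected high-entropy sections:", unexpected_high_entropy(rows))
    flagged = zero_physical_large_virtual(rows)
    print("zero physical / large virtual:", flagged)
    print("directories:", directories_of(flagged))
    print("all MD5s are MD5 of empty input:", all_hash_empty_input(flagged))
```

Note that the zero-physical-size check is independent of the section name: a .bss or .data section with no raw data is a normal uninitialized-data section, so the name and the directory the file came from are needed to decide whether a hit is interesting.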

Problem 3) Imported Libraries and Functions Frequency

Part a) Looking at file_summary_report.csv, which files have the same number of imported libraries as the number of imported functions?

Part b) Provide the imphash of these files. Research the library and function names that those files share in common. What does it tell you?

Problem 4) Imported Libraries and Function Capability

Part a) There are many libraries and functions in Appendix A in our Practical Malware Analysis book. How many files contain the function "peeknamedpipe"? Which files have this as an import?

Part b) Look the file(s) up on VirusTotal. Based on what this function allows a binary to do and based on the "Detection" results from VirusTotal, what is your best guess as to what kind of malware this binary might be? In other words, what is the goal of this type of malware? Feel free to do additional online research and read about this function in Appendix A. Justify your answer.

Part c) What directory was this file(s) found in? Is it malware we already knew or is it something new we need to inform the Incident Handler about? Justify your position.

Part d) Looking a little deeper, what is the compile time of the file(s), and what "First Submission" date does VirusTotal report for it? Do you trust the compile time? Why or why not?

Problem 5) Imported Libraries and Function Capability

Part a) There are two binaries that import exactly 4 functions. Which files are they and what are the four imported functions?

Part b) What other binaries do you see that import the same 4 functions?

Part c) Feel free to do some research on VirusTotal, but just looking at the file names and knowing the capability the four functions provide, which two file names make the least sense to import these functions and why?
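Problems 3 and 5 (and the import lookup in Problem 4a) all come down to counting and comparing import tables. The following is an added example, not part of the assignment or its archive: it works on a constructed import table (the file names and their imports are assumptions), computes an imphash the way pefile does for named imports (library name lowercased with a .dll/.ocx/.sys extension stripped, function name lowercased, entries joined with commas, MD5 of the result; ordinal-only imports, which pefile resolves through lookup tables, are not handled), and answers the "same number of libraries as functions", "exactly N functions", "same N functions" and "who imports this function" questions.

```python
import hashlib

# Constructed import tables standing in for the imported-library / imported-function
# data behind file_summary_report.csv; not data from the assignment archive.
IMPORTS = {
    "a.exe": [("KERNEL32.dll", "LoadLibraryA"), ("KERNEL32.dll", "GetProcAddress"),
              ("KERNEL32.dll", "VirtualProtect"), ("KERNEL32.dll", "ExitProcess")],
    "b.exe": [("KERNEL32.dll", "LoadLibraryA"), ("KERNEL32.dll", "GetProcAddress"),
              ("KERNEL32.dll", "VirtualProtect"), ("KERNEL32.dll", "ExitProcess")],
    "c.exe": [("KERNEL32.dll", "LoadLibraryA"), ("KERNEL32.dll", "GetProcAddress"),
              ("KERNEL32.dll", "VirtualProtect"), ("KERNEL32.dll", "ExitProcess"),
              ("USER32.dll", "MessageBoxA")],
    "d.exe": [("KERNEL32.dll", "CreateFileA"), ("ADVAPI32.dll", "RegOpenKeyExA"),
              ("WS2_32.dll", "connect")],
    "e.exe": [("KERNEL32.dll", "PeekNamedPipe"), ("KERNEL32.dll", "CreateProcessA"),
              ("WS2_32.dll", "recv")],
    "f.exe": [("KERNEL32.dll", "ExitProcess")],
}


def _normalize_lib(name):
    """Lowercase the library name and drop a .dll/.ocx/.sys extension, as imphash does."""
    name = name.lower()
    base, dot, ext = name.rpartition(".")
    if dot and ext in ("dll", "ocx", "sys"):
        return base
    return name


def imphash_string(imports):
    """The canonical 'lib.func,lib.func,...' string that imphash hashes.
    Order matters: the same imports in a different order give a different hash."""
    return ",".join(f"{_normalize_lib(lib)}.{func.lower()}" for lib, func in imports)


def imphash(imports):
    """MD5 of the canonical import string (named imports only in this example)."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def import_counts(table):
    """(number of distinct libraries, number of imported functions) per file."""
    return {
        f: (len({lib.lower() for lib, _ in imps}), len(imps))
        for f, imps in table.items()
    }


def files_with_equal_counts(table):
    """Problem 3a: files importing exactly one function from each library they use."""
    return sorted(f for f, (nlib, nfunc) in import_counts(table).items() if nlib == nfunc)


def files_importing_exactly(table, n):
    """Problem 5a: files with exactly n imported functions."""
    return sorted(f for f, imps in table.items() if len(imps) == n)


def _func_set(imps):
    return {func.lower() for _, func in imps}


def files_sharing_functions(table, funcs):
    """Problem 5b: files whose imports include every function in funcs (case-insensitive)."""
    wanted = {f.lower() for f in funcs}
    return sorted(f for f, imps in table.items() if wanted <= _func_set(imps))


def files_importing(table, func_name):
    """Problem 4a: files that import a single named function."""
    return files_sharing_functions(table, [func_name])


if __name__ == "__main__":
    for f, imps in IMPORTS.items():
        print(f, import_counts(IMPORTS)[f], imphash(imps))
    print("libs == funcs:", files_with_equal_counts(IMPORTS))
    four = files_importing_exactly(IMPORTS, 4)
    print("exactly 4 imports:", four)
    print("share those 4:", files_sharing_functions(IMPORTS, [fn for _, fn in IMPORTS[four[0]]]))
    print("import PeekNamedPipe:", files_importing(IMPORTS, "PeekNamedPipe"))
```

A matching imphash across files means the import tables are identical in content and order, which is why it is useful for clustering samples that share a packer stub or build; it says nothing about the rest of the file, so it complements rather than replaces the section and VirusTotal checks in the other problems.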

Attachment:- File Triage.rar
