- IDA Pro
- Lab06-01.exe SHA256: fe30f280b1d0a5e9cef3324c2e8677f55a6202599d489170ece125f3cd843a03
- Detection Rate: 1/55
- Analyzed on 28 Feb 2016
- Compilation Date: 2011-01-31 22:15:14
In this lab, you will analyze the malware found in the file Lab06-01.exe.
1. What is the major code construct found in the only subroutine called
The only subroutine called by main is sub_40100.
From the above figure, there are just two code paths. The path is selected based on the result of the InternetGetConnectedState function. According to MSDN, the function returns TRUE if there is an active modem or a LAN Internet connection, or FALSE if there is no Internet connection, or if all possible Internet connections are not currently active.
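The construct described above (an API return value selecting one of two paths) can be found mechanically in a disassembly listing. The following Python script is an added example, not part of the original write-up: the listing, its addresses, the `print_msg` name and the strings are constructed for illustration, and the heuristic goes beyond this one sample by flagging any imported-API call whose result in `eax` is compared and then drives a conditional jump.

```python
import re

# Constructed listing in simplified IDA text style. Addresses, the print_msg
# name and the strings are illustrative, not copied from Lab06-01.exe.
LISTING = """\
00001000  push    0                     ; dwReserved
00001002  push    0                     ; lpdwFlags
00001004  call    ds:InternetGetConnectedState
0000100A  mov     [ebp+var_4], eax
0000100D  cmp     [ebp+var_4], 0
00001011  jz      short loc_101F
00001013  push    offset aOnline        ; "online"
00001018  call    print_msg
0000101D  jmp     short loc_1029
0000101F  push    offset aOffline       ; "offline"
00001024  call    print_msg
00001029  retn
"""

def parse(listing):
    """Return (address, mnemonic, operands) for each instruction line."""
    insns = []
    for line in listing.splitlines():
        code = line.split(";", 1)[0].strip()          # drop the comment
        m = re.match(r"([0-9A-Fa-f]{8})\s+(\w+)\s*(.*)", code)
        if m:
            ops = [o.strip() for o in m.group(3).split(",")] if m.group(3) else []
            insns.append((int(m.group(1), 16), m.group(2), ops))
    return insns

def api_gated_branches(listing, window=4):
    """Find import calls whose eax result feeds a cmp/test and then a jcc."""
    insns, hits = parse(listing), []
    for i, (_, mnem, ops) in enumerate(insns):
        if mnem != "call" or not ops[0].startswith("ds:"):
            continue                                   # only import calls
        tracked, compared = {"eax"}, False
        for addr, m, o in insns[i + 1:i + 1 + window]:
            if m == "call":
                break                                  # eax is overwritten
            if m == "mov" and o[1] in tracked:
                tracked.add(o[0])                      # result copied to a local
            elif m in ("cmp", "test") and tracked & set(o):
                compared = True
            elif compared and m.startswith("j") and m != "jmp":
                hits.append({"api": ops[0][3:], "branch_at": addr,
                             "jcc": m, "target": o[-1].split()[-1]})
                break
    return hits
```

For the constructed listing, `api_gated_branches(LISTING)` reports a single `jz` gated by InternetGetConnectedState; the jump target is the path taken when the function returns FALSE.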
2. What is the subroutine located at 0x40105F?
A string is pushed into the function at 0x40105F. Stepping over 0x40105F, the string argument is printed in the console. If we were to step into this function… it is actually quite a journey down. For now I would guess it is a subroutine that prints a message on the console.
3. What is the purpose of this program?
It checks for an Internet connection and prints a message indicating whether there is one.