- IDA Pro
- Lab15-02.exe SHA256:20653de88265b4ab7b657de38e6585956368df037b66836008f8426f3e28cae6
- Detection Rate: 6/53
- Analyzed on 2016-03-19
- Compilation Date: 2011-11-16 22:11:46
Analyze the malware found in the file Lab15-02.exe. Correct all anti-disassembly
countermeasures before analyzing the binary in order to answer the questions.
1. What URL is initially requested by the program?
2. How is the User-Agent generated?
It is generated by modifying the string returned by GetHostName.
The routine shifts each character of the string forward by one. To avoid producing invalid ASCII, Z is changed to A, z is changed to a and 9 is changed to 0.
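The transform described above, as an added example (not code from the original post or from the sample): a Python version of the shift and its inverse, used to match proxy-log User-Agent values against an asset inventory. It assumes every character other than Z, z and 9 is simply incremented by one; the hostnames and log lines are constructed.

```python
# Added example: reproduces the User-Agent transform described above.
# Assumption: every character of the hostname is incremented by one, with
# only 'Z', 'z' and '9' wrapping; sample hostnames and log lines are constructed.

WRAP = {"Z": "A", "z": "a", "9": "0"}
UNWRAP = {v: k for k, v in WRAP.items()}


def hostname_to_user_agent(hostname: str) -> str:
    """Forward transform: the User-Agent the sample would send for this host."""
    return "".join(WRAP.get(c) or chr(ord(c) + 1) for c in hostname)


def user_agent_to_hostname(user_agent: str) -> str:
    """Inverse transform, for mapping a logged User-Agent back to a host.

    'A', 'a' and '0' are ambiguous ('@', '`' and '/' also map to them), but
    those three characters are not valid in hostnames, so prefer Z, z, 9.
    """
    return "".join(UNWRAP.get(c) or chr(ord(c) - 1) for c in user_agent)


def match_hosts(log_lines, inventory):
    """Return (client_ip, hostname) for log lines whose User-Agent is the
    shifted form of a hostname in the asset inventory."""
    expected = {hostname_to_user_agent(h): h for h in inventory}
    hits = []
    for line in log_lines:
        client_ip, _, user_agent = line.partition(" ")
        if user_agent in expected:
            hits.append((client_ip, expected[user_agent]))
    return hits


# Constructed proxy log excerpt: "<client ip> <User-Agent>"
SAMPLE_LOG = [
    "10.0.0.21 Mozilla/5.0 (Windows NT 6.1)",
    "10.0.0.37 XJO.QD10",
    "10.0.0.44 MBC9A",
]
SAMPLE_INVENTORY = ["WIN-PC09", "LAB8Z", "FILESRV1"]

if __name__ == "__main__":
    for ip, host in match_hosts(SAMPLE_LOG, SAMPLE_INVENTORY):
        print(f"{ip}: User-Agent matches shifted hostname {host}")
```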
3. What does the program look for in the page it initially requests?
4. What does the program do with the information it extracts from
It extracts another URL and downloads its content via InternetOpenUrlA and InternetReadFile, saving it as Account Sumamry.xls.exe. It then executes the file via ShellExecuteA.