Question: This will focus on chapter 8 (malware analysis), you will need copy of the malware(WebcamShot.scr:) The goal of this practical is to understand how the

This will focus on chapter 8 (malware analysis), you will need copy of the malware(WebcamShot.scr:)

The goal of this practical is to understand how the malware execute the hacker commands which isdelivered through IRC server.

hackarmy malware supports several commands as listed below.

This will focus on chapter 8 (malware analysis), you will need copy

our focus is going to be on two commands dontuseme and webfind64. Based on the description in the book, dontuseme will destroy the malware and webfind64 is used to download a file from the internet (or remote server) into the infected machine.

Answer the following questions: Q1. dontuseme command: a. From the assemble code of hackarmy malware, find where this command is implemented (verify your answer). b. In a step by step fashion, describe how this command is executed. c. using pseudocode rewrite this command. Q2. wibfind64 command: a. From the assemble code of hackarmy malware, find where this command is implemented (support your answer). b. In a step by step format describe how this command is executed. c. (grad only) using pseudocode rewrite this command. Hints: H1. Threads are usually used to execute code concurrently, for example if you are about to execute a piece of code that interacts with a slow resource (network, keyboard...etc.) rather than running it on the main thread which will hang the program, you can create a new thread to accomplish that. H2. When creating a thread, you pass a pointer to the code to be executed. H3. You can skip sub_4015A6.

LINK TO MALWARE: https://transfernow.net/127q0191zqjc

Command !?dontuseme lsock4 Ithreads info ?quit ?disconnect lexecute Idelete webfind64 !killprocess llistprocesses self destruct starts SOCK4 server on specified port list of threads list OS, network information stops backdoor disconnect from IRC server execute local binary deletes a specific file download file from remote server not working not working Command !?dontuseme lsock4 Ithreads info ?quit ?disconnect lexecute Idelete webfind64 !killprocess llistprocesses self destruct starts SOCK4 server on specified port list of threads list OS, network information stops backdoor disconnect from IRC server execute local binary deletes a specific file download file from remote server not working not working

Step by Step Solution

There are 3 Steps involved in it

1 Expert Approved Answer
Step: 1 Unlock blur-text-image
Question Has Been Solved by an Expert!

Get step-by-step solutions from verified subject matter experts

Step: 2 Unlock
Step: 3 Unlock

Students Have Also Explored These Related Databases Questions!

Q:

please help me with these questions, thanks! This practical will focus on chapter 8 (malware analysis), you will need copy of the malware we used in class (Webcam Shot.scr: posted on canvas). The...

Q:

someone please help me solve this problem please, thank you This practical will focus on chapter 8 (malware analysis), you will need copy of the malware we used in class (Webcam Shot.scr: posted on...

Q:

DAT 520 Problem Set 4 Introductory Decision Trees This module we leave the probability exercises and move into hands-on applications of the prior module's lessons. There are three exercises, each...

Q:

KINGS OWN INSTITUTE* Success in Higher Education ICT106 DATA COMMUNICATIONS AND NETWORKS T223 Page 1 of 18 AUSTRALIAN INSTITUTE OF BUSINESS AND MANAGEMENT PTY LTD ABN: 72 132 629 979 CRICOS 03171A...

Q:

There are two problems due this week (each worth 35 points) as follows. Case 5-1David L. Miller: Portrait of a White-Collar Criminal (page 144). In comprehensive paragraphs, answerrequirements 1?6....

Q:

ADMN 233 Assignment 4 Assignment 4 Instructions Assignment 4 is worth 20% of your final mark. It should be completed and submitted after you finish Chapter 13 in your textbook. This assignment is...

Q:

Reed these three chapters. Chapter 1, 8, and 9. Wryte a 2-3 paragrafff summary on each chapter. Be sure to label each chapter summary. play.google.com @ 5 + (107) Relaxing Music For Stress Relief,...

Q:

I would like to get detail answers to the questions using Staples Inc. 10-K report for the fiscal year ending January 30,2015 and filed with the security exchange commission on March 4, 2016. please...

Q:

I would like to get detail answers to the questions using Staples Inc. 10-K report for the fiscal year ending January 30,2015 and filed with the security exchange commission on March 4, 2016. please...

Q:

I would like to get detail answers to the questions using Staples Inc. 10-K report for the fiscal year ending January 30,2015 and filed with the security exchange commission on March 4, 2016. please...

Q:

Ron needs to save $40,000 for a down payment on his new house. He needs this money in 3 years. Ron is planning on taking the $12,000 he already has and adding month-end payments to his investment. If...

Q:

Since 1998, the price of the Louis Vuitton "Speedy" handbag has more than doubled, to $685, while the price of Joe Boxer's "licky face" underwear has dropped by nearly half, to $8.99. As luxury...

Q:

8. What are tracking signals? How are they useful to improve the efficiency of forecasts?

Q:

Compared with half a century ago, adoption has become _ _ _ _ _ _ _ _ _ common, but it is more open and acceptabl e , so we probably discuss it _ _ _ _ _ _ _ . fill in the blanks more or much less or...

Q:

=+ What should take precedence? Why? What other HR programs and policies should have been considered?

Q:

=+ Which of these policies and practices are likely to be areas of concern in the successful merger of these two firms?

Q:

=+1 What role should HR play in the development of this IJV? In the negotiations? BAW HR? JEA HR? JBAW HR?