pma7-2 Analysis

Executive Summary


This malware is a standalone executable. It can be run in a variety of ways, including being dropped via a drive-by download, being manually installed on the computer, or acting as a payload for a worm.


File Information

| Field | Data |
|---|---|
| Filename | Lab07-02.exe |
| File Size | 16384 bytes |
| MD5 | 7bbc691f7e87f0986a1030785268f190 |
| SHA1 | 8a55adee743d1124105d3acd688db621e3d8802f |
| SHA256 | bdf941defbc52b03de3485a5eb1c97e64f5ac0f54325e8cb668c994d3d8c9c90 |
| Architecture | x86 |
| Statically linked | False |
| Stripped | False |


| Address | String | XRefs |
|---|---|---|
| 0x403010 | | COMFunction[5,1] |


| Address | Import | XRefs |
|---|---|---|
| 0x402048 | OleInitialize | COMFunction[5,1] |
| 0x40204c | CoCreateInstance | COMFunction[5,1] |

Important Functions

COMFunction: undefined4 COMFunction[5,1]

This is the main function that contains all the COM functionality. It opens the web browser and then exits.


Answers to the PMA book questions are below.

- This malware does not achieve persistence. It runs once and then exits.
- This malware opens an ad and then exits.
- This program will exit after displaying the ad.