pma7-2 Analysis

Executive Summary

Installation

This malware is a standalone executable. It can be run in a variety of ways, including being dropped via a drive-by download, being manually installed on the computer, or acting as a payload for a worm.

Behavior

What the malware does goes here

Persistence

How the malware persists on the system goes here

Removal

How the malware can be uninstalled goes here


File Information

Field Data
Filename Lab07-02.exe
File Size 16384 bytes
MD5 7bbc691f7e87f0986a1030785268f190
SHA1 8a55adee743d1124105d3acd688db621e3d8802f
SHA256 bdf941defbc52b03de3485a5eb1c97e64f5ac0f54325e8cb668c994d3d8c9c90
Architecture x86
Compiler
Statically linked False
Stripped False

Strings

Address String XRefs
0x403010 http://www.malwareanalysisbook.com/ad.html COMFunction[5,1]

Imports

Address Import XRefs
0x402048 OleInitialize COMFunction[5,1]
0x40204c CoCreateInstance COMFunction[5,1]

Important Functions

COMFunction: undefined4 COMFunction5,1

This is the main function that contains all the COM functionality. It opens the web browser and then exits.


Analysis

Answers to the PMA book questions are below.

- This malware does not achieve persistence. It runs once and then exits.
- This malware opens an ad and then exits.
- This program will exit after displaying the ad.
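
The SHA256, string and imports listed in this report can be combined into a static triage check. The following is an added example, not part of the original report. The function names, verdict labels and sample bytes are assumptions constructed for illustration, and the URL is searched as both ASCII and UTF-16LE because the report does not state how the string is encoded.

```python
import hashlib
import sys

# Indicators copied from this report (File Information, Strings, Imports).
REPORT_SHA256 = "bdf941defbc52b03de3485a5eb1c97e64f5ac0f54325e8cb668c994d3d8c9c90"
REPORT_URL = "http://www.malwareanalysisbook.com/ad.html"
REPORT_IMPORTS = ("OleInitialize", "CoCreateInstance")


def present(needle: str, data: bytes) -> bool:
    """True if needle occurs as ASCII or as UTF-16LE (wide string) bytes."""
    return needle.encode("ascii") in data or needle.encode("utf-16-le") in data


def triage(data: bytes) -> dict:
    """Classify file contents against the report's indicators.

    verdict: 'hash' on an exact SHA256 match, 'indicators' when the ad URL
    and both COM imports are present, otherwise 'none'. The two imports alone
    never match, since ordinary COM client programs use them as well.
    """
    sha256 = hashlib.sha256(data).hexdigest()
    has_url = present(REPORT_URL, data)
    imports = [name for name in REPORT_IMPORTS if present(name, data)]
    if sha256 == REPORT_SHA256:
        verdict = "hash"
    elif has_url and len(imports) == len(REPORT_IMPORTS):
        verdict = "indicators"
    else:
        verdict = "none"
    return {"sha256": sha256, "url": has_url, "imports": imports, "verdict": verdict}


# Constructed byte strings standing in for file contents (not the real sample).
WIDE_URL_SAMPLE = (b"MZ\x00\x00" + REPORT_URL.encode("utf-16-le")
                   + b"\x00\x00OleInitialize\x00CoCreateInstance\x00")
BENIGN_COM_CLIENT = b"MZ\x00\x00OleInitialize\x00CoCreateInstance\x00"

if __name__ == "__main__":
    # With file paths as arguments, triage those files; otherwise the samples.
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            with open(path, "rb") as handle:
                print(path, triage(handle.read())["verdict"])
    else:
        print("wide-url sample:", triage(WIDE_URL_SAMPLE)["verdict"])
        print("benign COM client:", triage(BENIGN_COM_CLIENT)["verdict"])
```

An 'indicators' verdict is a lead for further analysis rather than an identification; only the 'hash' verdict ties a file to the exact sample described here.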