Executive Summary
Installation
This malware is a standalone executable. It can be run in a variety of ways, including being dropped via a drive by download, manually installed on the computer, or acting as a payload for a worm.
Behavior
What the malware does goes here
Persistence
How the malware persists on the system goes here
Removal
How the malware can be uninstalled goes here
File Information
| Field | Data |
|---|---|
| Filename | Lab07-02.exe |
| File Size | 16384 bytes |
| MD5 | 7bbc691f7e87f0986a1030785268f190 |
| SHA1 | 8a55adee743d1124105d3acd688db621e3d8802f |
| SHA256 | bdf941defbc52b03de3485a5eb1c97e64f5ac0f54325e8cb668c994d3d8c9c90 |
| Architecture | x86 |
| Compiler | |
| Statically linked | False |
| Stripped | False |
Strings
| Address | String | XRefs |
|---|---|---|
| 0x403010 | http://www.malwareanalysisbook.com/ad.html | COMFunction[5,1] |
Imports
| Address | Import | XRefs |
|---|---|---|
| 0x402048 | OleInitialize | COMFunction[5,1] |
| 0x40204c | CoCreateInstance | COMFunction[5,1] |
Important Functions
COMFunction: undefined4 COMFunction5,1
This is the main function that contains all the COM functionality. It opens the web browser and then exits.
Analysis
Answers to the PMA book questions are below. - This malware does not achieve persistence. It runs once and then exits. - This malware opens and ad and then exits. - This program will exit after displaying the ad.