Executive Summary
Installation
This malware is a standalone executable. It can be run in a variety of ways, including being dropped via a drive-by download, being manually installed on the computer, or acting as a payload for a worm.
Behavior
This malware opens an ad in the web browser and then exits.
Persistence
This malware does not achieve persistence. It runs once and then exits.
Removal
How the malware can be uninstalled goes here
File Information
Field | Data |
---|---|
Filename | Lab07-02.exe |
File Size | 16384 bytes |
MD5 | 7bbc691f7e87f0986a1030785268f190 |
SHA1 | 8a55adee743d1124105d3acd688db621e3d8802f |
SHA256 | bdf941defbc52b03de3485a5eb1c97e64f5ac0f54325e8cb668c994d3d8c9c90 |
Architecture | x86 |
Compiler | |
Statically linked | False |
Stripped | False |
Strings
Address | String | XRefs |
---|---|---|
0x403010 | http://www.malwareanalysisbook.com/ad.html | COMFunction[5,1] |
Imports
Address | Import | XRefs |
---|---|---|
0x402048 | OleInitialize | COMFunction[5,1] |
0x40204c | CoCreateInstance | COMFunction[5,1] |
Important Functions
COMFunction: undefined4 COMFunction[5,1]
This is the main function that contains all the COM functionality. It opens the web browser and then exits.
Analysis
Answers to the PMA book questions are below.
- This malware does not achieve persistence. It runs once and then exits.
- This malware opens an ad and then exits.
- This program will exit after displaying the ad.