Handler on Duty: Pedro Bueno
    SECTION I - MALWARE ANALYSIS - PART 2 - week Oct 03
    UPDATE: Answers below! - Oct 15.

    Ok...now what?

    Now I have a gift for you...and it is called Malware-quiz.exe, and it has the MD5 7b8247095bf9d0523cbcaeea0e422d86.

    If you accept this mission, here are the questions!

    1) Is this file packed? If so, which packer was used?
    2) Which command did you use to identify it?
    3) Do you believe there is any other way to identify the packer?
    3a) Please describe the directory in which this file will be installed.
    4) In the process of unpacking this file, please describe all the options that you saw. And by 'describe' I mean tell me what each option does, whether or not it unpacks the file...
    5) What does this malware do?
    6) And finally, as a bonus question: What is the meaning of life?
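Questions 1 to 3 ask how you would decide whether the sample is packed and which packer was used. The diary does not publish the answers for this file (they are linked from the Honors' write-ups), so the script below is an added example of the general static triage a defender runs before touching a Windows executable, not code from the diary or from the quiz: verify the sample's MD5 against the published one, walk the PE section table, and flag the two classic packer tells (section names left behind by known packers, and a high-entropy section paired with an empty section the unpacker stub fills at run time). The packer section-name table and the entropy threshold are general conventions, not facts about malware-quiz.exe; the PE used at the bottom is constructed inline so the example runs offline and is deliberately not a loadable executable.

```python
import hashlib
import math
import struct
from collections import Counter

# MD5 published in the diary for malware-quiz.exe.
QUIZ_MD5 = "7b8247095bf9d0523cbcaeea0e422d86"

# Section names commonly left behind by packers (general knowledge,
# not derived from the quiz sample). Absence proves nothing: names are trivial to rename.
PACKER_SECTION_NAMES = {
    "UPX0": "UPX", "UPX1": "UPX", "UPX2": "UPX",
    ".aspack": "ASPack", ".adata": "ASPack",
    ".petite": "Petite",
    ".MPRESS1": "MPRESS", ".MPRESS2": "MPRESS",
    ".nsp0": "NsPack", ".nsp1": "NsPack",
    "PEC2": "PECompact",
    ".Themida": "Themida",
    ".vmp0": "VMProtect", ".vmp1": "VMProtect",
}
HIGH_ENTROPY = 7.0  # bits/byte; compressed or encrypted data sits near 8.0, plain x86 code around 5.5-6.5


def matches_published_md5(data: bytes, expected_md5: str) -> bool:
    """First step of any analysis: make sure you are looking at the file the author published."""
    return hashlib.md5(data).hexdigest() == expected_md5.lower()


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table and return one dict per section."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]  # SizeOfOptionalHeader
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        name, vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        raw = pe[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": raw_size,
            "entropy": shannon_entropy(raw),
        })
    return sections


def assess_packing(pe: bytes) -> dict:
    """Combine the section-name lookup with the entropy/hollow-section heuristic."""
    sections = parse_sections(pe)
    packer = next((PACKER_SECTION_NAMES[s["name"]] for s in sections if s["name"] in PACKER_SECTION_NAMES), None)
    high_entropy = [s["name"] for s in sections if s["raw_size"] and s["entropy"] > HIGH_ENTROPY]
    # No bytes on disk but a large virtual size: the stub decompresses code into it at run time.
    hollow = [s["name"] for s in sections if s["raw_size"] == 0 and s["virtual_size"] > 0]
    packed = packer is not None or (bool(high_entropy) and bool(hollow))
    return {"packed": packed, "packer": packer, "high_entropy": high_entropy,
            "hollow_sections": hollow, "sections": sections}


def build_fake_pe(sections) -> bytes:
    """Constructed test input: a minimal PE32 layout that satisfies parse_sections(). Not runnable code."""
    num, e_lfanew, opt_size = len(sections), 0x40, 224
    data_off = e_lfanew + 4 + 20 + opt_size + 40 * num
    dos = bytearray(b"MZ" + b"\0" * 62)
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, num, 0, 0, 0, opt_size, 0x102)
    opt = b"\x0b\x01" + b"\0" * (opt_size - 2)  # PE32 magic, rest zeroed
    table, body, ptr = b"", b"", data_off
    for name, raw, vsize in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, 0x1000,
                             len(raw), ptr if raw else 0, 0, 0, 0, 0, 0x60000020)
        body += raw
        ptr += len(raw)
    return bytes(dos) + b"PE\0\0" + coff + opt + table + body


# Constructed UPX-style layout: empty UPX0, uniformly distributed bytes in UPX1 (entropy exactly 8.0).
PACKED_SAMPLE = build_fake_pe([("UPX0", b"", 0x8000), ("UPX1", bytes(range(256)) * 8, 0x3000), (".rsrc", b"\0" * 256, 0x200)])
# Constructed unpacked layout: repetitive code-like bytes and a small data section.
PLAIN_SAMPLE = build_fake_pe([(".text", b"\x55\x8b\xec\x90" * 200, 0x400), (".data", b"hello\0\0\0" * 64, 0x200)])

if __name__ == "__main__":
    for label, sample in (("packed", PACKED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, "matches published MD5:", matches_published_md5(sample, QUIZ_MD5))
        verdict = assess_packing(sample)
        for s in verdict["sections"]:
            print(f"  {s['name']:<8} raw={s['raw_size']:6d} vsize={s['virtual_size']:#7x} entropy={s['entropy']:.2f}")
        print("  packed:", verdict["packed"], "packer:", verdict["packer"])
```

The name lookup answers "which packer" only when the packer left its default section names; the entropy and hollow-section checks still fire when names were scrubbed, which is the "other way" question 3 hints at. A `pefile`-based version of the same walk is a few lines shorter, but parsing the headers by hand shows exactly which offsets the heuristic depends on.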

    Thank you guys!

    Please submit your answers to the email address below no later than Oct 14. The answers will be posted here on October 15.
    This time I will post the full names of the people who submit correct answers! Sorry guys, no material prize... ;-) unless someone wants to offer a prize to be given to the most complete answer...:)

    Pedro Bueno - pbueno $ ( isc . sans . org )

    ANSWERS - Oct 15

    Excellent work guys!! I am really impressed with the answers received!

    Basically all names posted here got the point of the analysis. One answer, however, must be addressed here:

    "5) What does this malware do?
    In a DOS window it displays the text: Oh my...am I a really malware???? and attempts to overflow the memory allocation and crash the machine."

    No, guys, this software didn't have anything dangerous! :)

    Ahhh...and remember...even an experienced analyst may get lost sometimes...and Google is your friend when you get some things that may not make sense, like "The meaning of life..." :-)

    Google it here!

    Below is a list of the guys who got the right answers (please take a look at the answers from the Honors):

    Honor: Tyler Hudak, Ivan_Macalintal and Jack McCarthy

    Most creative way to send the answers: Randy Armknecht - he posted his answers in his blog!

    1. Thompson, AJ (Antony)
    2. Cory Dodds
    3. Jeremy Scott
    4. Fixer
    5. Thomas Prokosch
    6. Nicholas Albright
    7. Lenny C
    8. Patrick Kennedy
    9. Johnston, Kevin
    10. Joao Azevedo

    Congratulations guys!

    It was really nice!!! Congratulations to you all!!

    Ready for the next gift? :-) So what are you waiting for?? Check it here!