Lab 1-3

Analyze the file Lab01-03.exe.

Questions

  1. Upload the Lab01-03.exe file to http://www.VirusTotal.com/. Does it match any existing antivirus definitions?
    • NO
  2. Are there any indications that this file is packed or obfuscated? If so, what are these indicators? If the file is packed, unpack it if possible.
    • Yes, it is packed with FSG
  3. Do any imports hint at this program’s functionality? If so, which imports are they and what do they tell you?
    • LoadLibrary and GetProcAddress are two common functions used to load something from memory, typical of packed executables
  4. What host- or network-based indicators could be used to identify this malware on infected machines?
    • Cannot say! It is packed!
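As an added example (not part of the lab answers), a small Python checker for the two packing indicators used in questions 2 and 3: high section entropy and a near-empty import table dominated by LoadLibrary/GetProcAddress. It assumes section bytes and import names are supplied from a PE parser or viewer; the sample data below is constructed.

```python
import math
from collections import Counter

# Imports a packer stub typically keeps so it can rebuild the real
# import table at run time (the pattern noted in question 3).
LOADER_IMPORTS = {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"}
STANDARD_SECTIONS = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniformly random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def packing_indicators(section_bytes, import_names, entropy_threshold=7.0):
    """Return human-readable packing indicators (heuristics, not a verdict).

    section_bytes: dict of section name -> raw bytes (assumed read by a PE parser).
    import_names:  list of imported function names (assumed copied from a PE viewer).
    """
    indicators = []
    for name, data in section_bytes.items():
        ent = shannon_entropy(data)
        if ent >= entropy_threshold:
            indicators.append(f"section {name!r} entropy {ent:.2f} >= {entropy_threshold}")
        if name not in STANDARD_SECTIONS:
            indicators.append(f"non-standard section name {name!r}")
    imports = set(import_names)
    if imports and imports <= LOADER_IMPORTS:
        indicators.append("import table holds only LoadLibrary/GetProcAddress")
    elif len(imports) < 5:
        indicators.append(f"very small import table ({len(imports)} functions)")
    return indicators


if __name__ == "__main__":
    # Constructed sample: every byte value equally often, i.e. entropy 8.0,
    # standing in for a compressed/packed section.
    packed = bytes(range(256)) * 16
    for line in packing_indicators({".packed": packed, ".text": b"\x00" * 256},
                                   ["LoadLibraryA", "GetProcAddress"]):
        print(line)
```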