Lab 3-1

Analyze the malware found in the file Lab03-01.exe using basic dynamic analysis tools.

Questions

  1. What are this malware’s imports and strings?
    • strings
    • imports: just ExitProcess
  2. What are the malware’s host-based indicators?
    • I must run procmon (emptying all events), procexp and wireshark.
    • Then I can start the malware.

  3. Are there any useful network-based signatures for this malware? If so, what are they?
    • URL practicalmalwareanalysis.com
    • x1.lancr.org
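
For question 2, once the Procmon capture is saved as CSV, a short script can reduce it to the events that changed host state. This is an added example, not part of the original lab notes: it assumes Procmon's default export columns, and the sample rows and their PLACEHOLDER paths are constructed, not observations from Lab03-01.exe.

```python
import csv
import io
from collections import defaultdict

# Procmon operations that modify host state (candidate host-based indicators).
STATE_CHANGING = {"WriteFile", "RegSetValue", "RegCreateKey", "Process Create"}


def host_indicators(csv_text, process_name):
    """Return {operation: sorted unique paths} for successful state-changing
    events made by process_name in a Procmon CSV export."""
    found = defaultdict(set)
    # Procmon exports start with a UTF-8 BOM; drop it so the header parses.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    for row in reader:
        if row["Process Name"].lower() != process_name.lower():
            continue  # event belongs to another process
        if row["Operation"] not in STATE_CHANGING:
            continue  # read-only activity (opens, queries)
        if row["Result"] != "SUCCESS":
            continue  # the attempt failed, nothing was left on disk
        found[row["Operation"]].add(row["Path"])
    return {op: sorted(paths) for op, paths in found.items()}


# Constructed sample export; every path below is a placeholder.
SAMPLE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01.0000001","Lab03-01.exe","1234","RegOpenKey","HKLM\SOFTWARE\PLACEHOLDER","SUCCESS","Desired Access: Read"
"10:00:01.0000002","Lab03-01.exe","1234","WriteFile","C:\PLACEHOLDER\dropped-copy.exe","SUCCESS","Offset: 0, Length: 4,096"
"10:00:01.0000003","Lab03-01.exe","1234","WriteFile","C:\PLACEHOLDER\dropped-copy.exe","SUCCESS","Offset: 4,096, Length: 3,072"
"10:00:01.0000004","Lab03-01.exe","1234","RegSetValue","HKLM\SOFTWARE\PLACEHOLDER\RunValue","SUCCESS","Type: REG_SZ, Length: 510"
"10:00:01.0000005","explorer.exe","900","WriteFile","C:\Users\analyst\other.txt","SUCCESS","Offset: 0, Length: 12"
"10:00:01.0000006","Lab03-01.exe","1234","WriteFile","C:\PLACEHOLDER\denied.bin","ACCESS DENIED",""
'''

if __name__ == "__main__":
    for operation, paths in host_indicators(SAMPLE, "Lab03-01.exe").items():
        for path in paths:
            print(f"{operation:12} {path}")
```

When reading a real export from disk, open it with `encoding="utf-8-sig"` and pass the file contents to `host_indicators`.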