Questions
Based on the ARCHITECTURE of the binary, is malbuster_1 a 32-bit or a 64-bit application? (32-bit/64-bit)
Tìm được ở trong FILE_HEADER giá trị
0x014ctương ứng với 32-bit
What is the MD5 hash of malbuster_1?
4348DA65E4AEAE6472C7F97D6DD8AD8F
Using the hash, what is the number of detections of malbuster_1 in VirusTotal?
Kết quả là 58
Based on VirusTotal detection, what is the malware signature of malbuster_2 according to Avira?
HEUR/AGEN.1306860
malbuster_2 imports the function _CorExeMain. From which DLL file does it import this function?
Xem trong phần functions của PE Studio: mscoree.dll
Based on the VS_VERSION_INFO header, what is the original name of malbuster_2?
Xem trong phần version của PE Studio: 7JYpE.exe
Using the hash of malbuster_3, what is its malware signature based on abuse.ch?
Tra cứu trên MalwareBazaar | Malware sample exchange (abuse.ch): TrickBot
Using the hash of malbuster_4, what is its malware signature based on abuse.ch?
Cũng tra cứu trên MalwareBazaar: ZLoader
What is the message found in the DOS_STUB of malbuster_4?
Tìm được trong phần strings của PE Studio: !This Salfram cannot be run in DOS mode.
malbuster_4 imports the function ShellExecuteA. From which DLL file does it import this function?
Tra cứu ở ShellExecuteA function (shellapi.h) - Win32 apps | Microsoft Learn: Shell32.dll
Using capa, how many anti-VM instructions were identified in malbuster_1?
Giá trị namespace là anti-analysis/anti-vm/vm-detection nên đáp án là 3.
Using capa, what is the MITRE ID of the DISCOVERY technique used by malbuster_4?
T1083
Which binary contains the string GodMode?
Dùng lệnh sau trong PowerShell:
strings malbuster_2 | Select-String GodModeKết quả: malbuster_2
Which binary contains the string Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)?
Dùng lệnh sau trong PowerShell:
strings malbuster_1 | Select-String MozillaKết quả: malbuster_1