Assignment1 AMAnalysis I202001

The report analyzed 8 malware samples. Key details include:
- The malware samples targeted Windows systems and used 32-bit architecture. Several were packed using techniques like UPX to obfuscate the code.
- Static analysis of strings and permissions revealed the malware could perform dangerous actions like deleting files, editing the registry, capturing keystrokes, and downloading additional payloads.
- The malware linked to common Windows libraries and had capabilities like process and internet control that could be used for malicious purposes like spreading to other systems.

Uploaded by

i202001

Static Malware Analysis Report

Malware 1:

Hash (SHA1)                    240387329dee4f03f98a89a2feff9bf30dcba61fcf614cdac24129da54442762
File Type                      Portable Executable (PE)
Target System                  Windows
Target CPU                     32 bit
Compiler Stamp                 Wednesday, Sep 05, 2018, 10:36:17
Subsystem                      GUI
Permissions                    .text            .rdata           .data
                               Not writeable    Not writeable    writeable
                               executable       -                -
                               readable         readable         readable
Potentially abused libraries   Kernel32.dll, Msvcrt.dll, Shlwapi.dll
Packing                        unpacked
String Analysis                String analysis yields that it contains a PDB path.
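The Target CPU, Compiler Stamp, Subsystem, Permissions and Packing rows in these tables all come from fixed-offset fields in the PE headers. As an added example (not tooling from this report), the following Python reads those fields directly with `struct`, renders the section table the way the Permissions rows above do, and flags a packer from section names. The image it parses is a toy PE32 built inline (x86, GUI subsystem, two UPX sections, and the same compile timestamp as Malware 1); the packer lookup by section name and the machine/subsystem tables are assumptions limited to the values shown, not a complete packer database.

```python
import struct
from datetime import datetime, timezone

# Subset of the PE/COFF spec values that the report's rows depend on (assumption: only these are mapped).
MACHINE_NAMES = {0x014C: "32 bit (x86)", 0x8664: "64 bit (x64)", 0x01C0: "32 bit (ARM)", 0xAA64: "64 bit (ARM64)"}
SUBSYSTEM_NAMES = {1: "Native", 2: "GUI", 3: "Console"}
SCN_MEM_EXECUTE, SCN_MEM_READ, SCN_MEM_WRITE = 0x20000000, 0x40000000, 0x80000000
# Heuristic packer hint by section name (assumption; a packed sample can rename sections).
PACKER_SECTION_NAMES = {"UPX0": "UPX", "UPX1": "UPX", "UPX2": "UPX", ".aspack": "ASPack", ".petite": "Petite"}


def parse_pe(data: bytes) -> dict:
    """Read the COFF header, the optional header's Subsystem, and the section table of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    # Subsystem sits at offset 68 of a PE32 optional header and 72 of PE32+ (ImageBase is 8 bytes there).
    (subsystem,) = struct.unpack_from("<H", data, opt + (68 if magic == 0x10B else 72))
    sections = []
    for i in range(nsections):
        fields = struct.unpack_from("<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        name, flags = fields[0].rstrip(b"\0").decode("ascii", "replace"), fields[9]
        sections.append({
            "name": name,
            "writeable": bool(flags & SCN_MEM_WRITE),
            "executable": bool(flags & SCN_MEM_EXECUTE),
            "readable": bool(flags & SCN_MEM_READ),
        })
    packers = sorted({PACKER_SECTION_NAMES[s["name"]] for s in sections if s["name"] in PACKER_SECTION_NAMES})
    return {
        "target_cpu": MACHINE_NAMES.get(machine, f"unknown (0x{machine:04x})"),
        "timestamp": stamp,
        "compiler_stamp": datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%A, %B %d, %Y, %H:%M:%S"),
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, f"unknown ({subsystem})"),
        "sections": sections,
        "packing": ", ".join(packers) if packers else "unpacked (no packer section names seen)",
    }


def permission_rows(sections) -> list:
    """Render sections in the form the report's Permissions table uses."""
    return [(s["name"],
             "writeable" if s["writeable"] else "Not writeable",
             "executable" if s["executable"] else "-",
             "readable" if s["readable"] else "-") for s in sections]


def build_sample_pe() -> bytes:
    """Constructed toy PE32 image (not a real sample): x86, GUI, two RWX UPX sections, Malware 1's stamp."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))          # e_lfanew: PE header directly after the DOS header
    coff = struct.pack("<HHIIIHH", 0x014C, 2, 1536143777, 0, 0, 96, 0x0102)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)                # PE32 magic
    struct.pack_into("<H", opt, 68, 2)                   # IMAGE_SUBSYSTEM_WINDOWS_GUI

    def section(name, flags):
        return struct.pack("<8sIIIIIIHHI", name, 0x1000, 0x1000, 0, 0, 0, 0, 0, 0, flags)

    rwx = SCN_MEM_READ | SCN_MEM_WRITE | SCN_MEM_EXECUTE
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + section(b"UPX0", rwx) + section(b"UPX1", rwx)


if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    for key in ("target_cpu", "compiler_stamp", "subsystem", "packing"):
        print(f"{key:15} {info[key]}")
    for row in permission_rows(info["sections"]):
        print("  ".join(row))
```

Run against a real file by replacing `build_sample_pe()` with the file's bytes. For the UPX-packed samples (Malware 6 and 8) this yields the "packed state" rows; after unpacking with `upx -d`, as the report did, the same parser yields the "unpacked state" rows with the restored `.text`/`.rdata`/`.data` names. A writeable and executable section in a non-UPX binary is worth noting on its own, since compilers do not normally emit one.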

Malware 2:

Hash (SHA256)                  4e87a0794bf73d06ac1ce4a37e33eb832ff4c89fb9e4266490c7cef9229d27a7
File Type                      Portable Executable (PE)
Target System                  Windows
Target CPU                     32 bit
Compiler Stamp                 Wednesday, August 29, 2018, 15:11:05
Subsystem                      GUI
Permissions                    .text            .rdata           .data
                               Not writeable    Not writeable    writeable
                               executable       -                -
                               readable         readable         readable
Potentially abused libraries   Msbvm60.dll
Packing                        unpacked
String Analysis                String analysis yields that it uses the Task Manager to control processes, including but not limited to opening and closing them.

Malware 3:

Hash (SHA1)                    7682b842ed75b69e23c5deecf05a45ee79c723d98cfb6746380d748145bfc1af
File Type                      Portable Executable (PE)
Target System                  Windows
Target CPU                     32 bit
Compiler Stamp                 Friday, May 29, 1992, 06:33:05
Subsystem                      GUI
Permissions                    CODE             DATA             .data
                               Not writeable    writeable        writeable
                               executable       -                -
                               readable         readable         readable
Potentially abused libraries   Kernel32.dll, User32.dll, advapi32.dll, oleaut32.dll, version.dll, gdi32.dll, comctl32.dll, comdlg32.dll
Packing                        unpacked
String Analysis                String analysis yields that it can access monitor information and the keyboard layout, so it is potentially used to log keystrokes and the clipboard.

Malware 4:

Hash (SHA1)                    785872bbef35d86fe6ce8a53be29995cfd0f251d2a171145bd6685bebe63ebc8
File Type                      Executable
Target System                  Windows
Target CPU                     32 bit
Compiler Stamp                 Wednesday, August 29, 2018, 15:11:05
Subsystem                      GUI
Permissions                    .text            .rsrc            .reloc
                               Not writeable    Not writeable    Not writeable
                               executable       -                -
                               readable         readable         readable
Potentially abused libraries   Mscoree.dll
Packing                        DeepSea Obfuscator v4 / Ben-Mhenni-Protector
String Analysis                Loads a program named "badabingboom.exe" and has the ability to allocate resources on demand.

Malware 5:

Hash (SHA1)                    c0242d686b4c1707f9db2eb5afdd306507ceb5637d72662dff56c439330dbdf1
File Type                      Executable
Target System                  Windows
Target CPU                     32 bit
Compiler Stamp                 Saturday, April 18, 1992
Subsystem                      GUI
Permissions                    CODE             .DATA            .rdata
                               Not writeable    writeable        Not writeable
                               executable       -                -
                               readable         readable         readable
Potentially abused libraries   Kernel32.dll, User32.dll, Advapi32.dll, Oleaut32.dll, Version.dll, Gdi32.dll, Ole32.dll, Comctl32.dll, Comdlg32.dll
Packing                        unpacked
String Analysis                Ability to force a shutdown, connect to the internet, get monitor information, simulate internet activity to listen to communication, and access the keyboard layout as well as key states, possibly for keylogging and data stealing.

Malware 6:

Hash (SHA1)                    cc13afd5ffdd769c66118f4f5eec7f80655c14cfdc6e8b753e419bbfbea4784e
File Type                      Portable Executable (PE)
Target System                  Windows
Target CPU                     32 bit
Compiler Stamp                 Wednesday, August 29, 2018, 11:27:23
Subsystem                      GUI
Permissions (packed state)     UPX0             UPX1             UPX2
                               writeable        writeable        writeable
                               executable       executable       -
                               readable         readable         readable
Permissions (unpacked state)   .text            .rdata           .data
                               Not writeable    Not writeable    writeable
                               executable       -                -
                               readable         readable         readable
Potentially abused libraries   Kernel32.dll, User32.dll, Wininet.dll, Ws2_32.dll
Packing                        Initial state packed with UPX 0.89 - 3.xx; unpacked using UPX
String Analysis                Has access to the clipboard, can create processes, can delete files, can input/change registry values, and has access to the internet, likely to set up command and control (C&C).

Malware 7:

Hash (SHA1)                    91bfa2445d998425c81f30d293235429ca6a8c6c8f326536478952a2a6754aac
File Type                      Portable Executable (PE)
Target System                  Windows
Target CPU                     32 bit
Compiler Stamp                 Wednesday, August 04, 2004
Subsystem                      GUI
Permissions                    .text            .data            .rsrc
                               Not writeable    writeable        Not writeable
                               executable       -                -
                               readable         readable         readable
Potentially abused libraries   Kernel32.dll, User32.dll, Advapi32.dll, Gdi32.dll, Comctl32.dll, Version.dll
Packing                        MSI Express v.6.00.2900.xxxx - CAB installer
String Analysis                Ability to delete and set registry values, create processes, shut down on demand, and create popups and installation directions to stall for time.

Malware 8:

Hash (SHA1)                    37ea273266aa2d28430194fca27849170d609d338abc9c6c43c4e6be1bcf51f9
File Type                      Portable Executable (PE) / Downloader
Target System                  Windows
Target CPU                     32 bit
Compiler Stamp                 Thursday, September 08, 2016
Subsystem                      GUI
Permissions (packed)           UPX0             UPX1             .rsrc
                               writeable        writeable        writeable
                               executable       executable       -
                               readable         readable         readable
Permissions (unpacked)         .text            .rdata           .data
                               Not writeable    Not writeable    writeable
                               executable       -                -
                               readable         readable         readable
Potentially abused libraries   D3d9.dll, Dbghelp.dll, Iphlpapi.dll, Setupapi.dll, Urlmon.dll, Ws2_32.dll
Packing                        Initial state packed with UPX 0.89 - 3.xx; unpacked using UPX
String Analysis                Has an abundance of links, potentially to download additional malware; can control I/O devices, raise privileges, delete files, create processes, delete and edit registry entries, and execute shell scripts. Ultimately it downloads files and executes/installs them.
