conceptsjnr.blogg.se

Ollydbg saved changes delete itself

Analyze the malware found in the file Lab09-01.exe using OllyDbg and IDA Pro to answer the following questions. This malware was initially analyzed in the Chapter 3 labs using basic static and dynamic analysis techniques.

How can you get this malware to install itself?
A: You can get the program to install itself by providing it with the -in option, along with the password. Alternatively, you can patch the binary to skip the password verification check.

What are the command-line options for this program? What is the password requirement?
A: The command-line options for the program are one of four values and the password. The password is the string abcd and is required for all actions except the default behavior. The -in option instructs the malware to install itself. The -re option instructs the malware to remove itself. The -c option instructs the malware to update its configuration, including its beacon IP address. The -cc option instructs the malware to print its current configuration to the console. By default, this malware functions as a backdoor if installed.

How can you use OllyDbg to permanently patch this malware, so that it doesn't require the special command-line password?
A: You can patch the binary by changing the first bytes of the function at address 0x402510 to always return true.
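
The same patch applied to the file on disk, as an added example that is not part of the original page or the lab material: it maps the virtual address 0x402510 to a file offset through the PE section table and overwrites the first bytes of the function with "mov eax, 1; ret". The function names and the sample image are constructed for illustration, and the bare ret assumes the function is caller-cleanup (cdecl).

```python
import struct

# x86: mov eax, 1 ; ret. Assumption: the function is caller-cleanup (cdecl),
# so a bare ret leaves the stack balanced; verify in the disassembly first.
RETURN_TRUE = bytes.fromhex("b801000000c3")

def va_to_offset(pe: bytes, va: int) -> int:
    """Map a virtual address to a file offset via the PE32 section table."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]            # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24
    if struct.unpack_from("<H", pe, opt)[0] != 0x10B:
        raise ValueError("not PE32")
    rva = va - struct.unpack_from("<I", pe, opt + 28)[0]  # subtract ImageBase
    for i in range(nsec):
        # VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData
        _, vaddr, rsize, rptr = struct.unpack_from("<4I", pe, opt + opt_size + 40 * i + 8)
        if vaddr <= rva < vaddr + rsize:
            return rptr + (rva - vaddr)
    raise ValueError("address is not backed by file data")

def patch_return_true(pe: bytes, func_va: int) -> bytes:
    """Return a copy of the image whose function at func_va returns 1 at once."""
    off = va_to_offset(pe, func_va)
    if off + len(RETURN_TRUE) > len(pe):
        raise ValueError("patch would run past end of file")
    out = bytearray(pe)
    out[off:off + len(RETURN_TRUE)] = RETURN_TRUE
    return bytes(out)

def build_sample() -> bytes:
    """Constructed stand-in (not Lab09-01.exe): one .text section at RVA 0x1000."""
    img = bytearray(0x2400)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH12xHH", img, 0x84, 0x14C, 1, 0xE0, 0x102)
    struct.pack_into("<H", img, 0x98, 0x10B)              # PE32 magic
    struct.pack_into("<I", img, 0x98 + 28, 0x400000)      # ImageBase
    struct.pack_into("<8s4I", img, 0x178, b".text", 0x2000, 0x1000, 0x2000, 0x400)
    img[0x1910:0x1913] = bytes.fromhex("558bec")          # push ebp; mov ebp, esp
    return bytes(img)

if __name__ == "__main__":
    patched = patch_return_true(build_sample(), 0x402510)
    print(hex(va_to_offset(patched, 0x402510)), patched[0x1910:0x1916].hex())
```

Work on a copy of the sample inside the analysis VM and keep the original with its hash, so the patched file is never mistaken for the specimen.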








