Lab01-02 Analysis

This program is packed using UPX and can be easily unpacked.

At the start we see a call to ‘StartServiceCtrlDispatcher’ which is used to implement a service and the service control manager will call the service entry point provided. In here I have labeled the service entry point as ‘ServiceMain’. The name of the service created would be ‘Malservice’.

Continue reading

Advertisements

Lab01-01 Analysis

In my leisure time I like reading the book Practical Malware Analysis and I thought of sharing my analysis in the practical sections. You can find detailed answers in the book as well.

Lab01-01.dll Analysis

If we have a look at the “Lab01-01.dll” file’s imports we can see that it uses network functions from “ws2_32.dll”. We can suspect that this file is responsible for network communications to the attacker.
imports-of-dll

But if we have a look at the exports section we see nothing, which is strange.
no-exports-dll
Continue reading

Satana Malware Analysis

I haven’t done any malware analysis before and this would be my first post related to malware. I’m really interested but still quite a lot of things to learn 🙂 so I thought of starting off somewhere and this is the analysis of the ransomware named “Satana” by me. Obviously I hope you know who is Satan 👿

Samples:

Behavior Analysis

As soon as you run this the main executable will be deleted and a new sample will be created inside the %temp% folder.

The following is the disassembly corresponding to this event.


Continue reading