adding av names

This commit is contained in:
Amanda Rousseau
2017-08-09 19:02:19 -07:00
parent 660cb2523d
commit 6c9ff7d1ee
2 changed files with 2 additions and 0 deletions

Binary file not shown.


@@ -49,6 +49,8 @@ A string web search is a last resort. I usually use this step to find reports al
## Anti-Virus Vendors ##
AV Vendors provide some insight into a sample besides just good or bad. There are also many heuristic and generic detections that might not be useful in telling you what the sample is going to do. Keywords like Trojan or GEN for Generic are not enough to tell you how bad it is. However the keyword Injector gives us a hint that it is doing some kind of code in memory manipulation. As we know from above, this malware has a bunch of junk code, so AV might not have enough binary features to make a definitive signature but still does well in telling you that it looks generally abnormal.
![alt text](https://securedorg.github.io/RE102/images/Section2_AVnames.png "Section2_AVnames")
## VM Detonation & Network Information ##
If you followed [RE101 Lab 1](https://securedorg.github.io/RE101/section4/) you will know how to do a simple VM detonation to collect the filesystem, process, registry and network information. You will notice that this sample does nothing really special in the VM. So we will need to investigate why.
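Review bot: the image line `![alt text](https://securedorg.github.io/RE102/images/Section2_AVnames.png "Section2_AVnames")` still carries the placeholder alt text "alt text"; replace it with a description such as "AV vendor detection names for this sample" so the point survives on text-only renderers and for screen readers, and consider quoting the one or two detection names from the screenshot that the paragraph leans on (the "Injector" one in particular) so the argument is traceable without the image. In the same paragraph, "some kind of code in memory manipulation" reads awkwardly; "some kind of in-memory code manipulation (injection)" says the same thing more clearly, and "However the keyword Injector" wants a comma after "However".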