From 2db5aaf3095b80c21d42a2abe3f08f2e49ada73e Mon Sep 17 00:00:00 2001 From: Ihor Bats Date: Wed, 29 Mar 2017 21:59:19 -0400 Subject: [PATCH] Two chars MZ are represented by two bytes not one MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Two chars “MZ” are represented by two bytes not one. Thanks for tutorial, please keep going! --- triage.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/triage.md b/triage.md index 6dd03aa..7843b6d 100644 --- a/triage.md +++ b/triage.md @@ -26,7 +26,7 @@ This checklist should get you started: --- -## Download the Unknown Malware +## Download the Unknown Malware [**HERE**](https://drive.google.com/open?id=0B_0DJl2kuzoNRTEtQmx0SjJYZXc) @@ -91,7 +91,7 @@ You can use the **Malware Analysis Report** template [HERE](https://securedorg.g 1. Run the Victim VM 2. Copy over the unknown file 3. Check the file header by opening the file in the hex editor **HxD** -* Notice the first 1 byte is **MZ** meaning it's a PE Binary +* Notice the first 2 bytes are **MZ** meaning it's a PE Binary ![alt text](https://securedorg.github.io/images/triage1.png "MZ Header") 4. Add the file extension **.exe** to the **Unknown** file so that it reads as **Unknown.exe**. Now right click the file and select **CFF explorer** to check the PE header * Note the imports it's using
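Review bot: in the first hunk (@@ -26,7 +26,7 @@) the removed and added lines both read "## Download the Unknown Malware", so the only difference is invisible in the rendered diff (trailing whitespace or a line-ending change). The commit message describes only the MZ byte-count fix, so either drop this hunk from the patch or add a sentence to the message saying what changed on that heading line, otherwise reviewers have to guess.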
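Review bot: the second hunk (@@ -91,7 +91,7 @@) is correct, the "MZ" signature is two bytes, but since the step tells the reader to look at the file in the hex editor HxD, the bullet would be more useful if it also gave the hex values they will see in the hex pane, i.e. "* Notice the first 2 bytes are **4D 5A** (ASCII **MZ**), meaning it's a PE binary" (0x4D is 'M', 0x5A is 'Z'). Minor style point: "PE Binary" should be lower-case "binary" to match the rest of the checklist.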