aljaz/securedorg.github.io
1
0
Fork 0
mirror of https://github.com/aljazceru/securedorg.github.io.git synced 2025-12-21 16:04:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2 from BatsIhor/master

Browse Source 
Two chars MZ are represented by two bytes not one
This commit is contained in:
SECURED.ORG
2017-03-29 19:06:19 -07:00
committed by GitHub
parent f5b271c983 2db5aaf309
commit ef9f87ada0
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
triage.md
View File

@@ -26,7 +26,7 @@ This checklist should get you started:
--- ---
## Download the Unknown Malware ## Download the Unknown Malware
[**HERE**](https://drive.google.com/open?id=0B_0DJl2kuzoNRTEtQmx0SjJYZXc) [**HERE**](https://drive.google.com/open?id=0B_0DJl2kuzoNRTEtQmx0SjJYZXc)
@@ -91,7 +91,7 @@ You can use the **Malware Analysis Report** template [HERE](https://securedorg.g
1. Run the Victim VM 1. Run the Victim VM
2. Copy over the unknown file 2. Copy over the unknown file
3. Check the file header by opening the file in the hex editor **HxD** 3. Check the file header by opening the file in the hex editor **HxD**
* Notice the first 1 byte is **MZ** meaning it's a PE Binary * Notice the first 2 bytes are **MZ** meaning it's a PE Binary
![alt text](https://securedorg.github.io/images/triage1.png "MZ Header") ![alt text](https://securedorg.github.io/images/triage1.png "MZ Header")
4. Add the file extension **.exe** to the **Unknown** file so that it reads as **Unknown.exe**. Now right click the file and select **CFF explorer** to check the PE header 4. Add the file extension **.exe** to the **Unknown** file so that it reads as **Unknown.exe**. Now right click the file and select **CFF explorer** to check the PE header
* Note the imports it's using * Note the imports it's using