aljaz/securedorg.github.io
1
0
Fork 0
mirror of https://github.com/aljazceru/securedorg.github.io.git synced 2026-01-30 19:44:22 +01:00
Code Issues Packages Projects Releases Wiki Activity

fixing extension

Browse Source
This commit is contained in:
Amanda Rousseau
2017-03-27 22:06:42 -07:00
parent 1cdf275aa8
commit fba5d6fdd1
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
triage.md
View File

@@ -93,7 +93,7 @@ You can use the **Malware Analysis Report** template [HERE](https://securedorg.g
3. Check the file header by opening the file in the hex editor **HxD** 3. Check the file header by opening the file in the hex editor **HxD**
* Notice the first 1 byte is **MZ** meaning it's a PE Binary * Notice the first 1 byte is **MZ** meaning it's a PE Binary
![alt text](https://securedorg.github.io/images/triage1.png "MZ Header") ![alt text](https://securedorg.github.io/images/triage1.png "MZ Header")
4. Now right click the file and select **CFF explorer** to check the PE header 4. Add the file extension **.exe** to the **Unknown** file so that it reads as **Unknown.exe**. Now right click the file and select **CFF explorer** to check the PE header
* Note the imports it's using * Note the imports it's using
![alt text](https://securedorg.github.io/images/triage3.png "Imports") ![alt text](https://securedorg.github.io/images/triage3.png "Imports")
5. Calculate the hash using **quickhash**, go to virustotal.com and search the hash 5. Calculate the hash using **quickhash**, go to virustotal.com and search the hash