1 of 13

Lab 4

03.10.2013

Plan for today

Couple words on due dates

Intro to lab 4

Last date for lab 2

LAB2 kill date: October 11

Static analysis

Dynamic analysis

Analysis of the system

Is it static or dynamic?

Very Basic static analysis

  1. File
  2. Hash SHA256
  3. Hash comparison
  4. strings
  5. Quick and dirty approach

Quick and dirty approach

Just as an example:

https://www.virustotal.com/

http://camas.comodo.com/

http://www.threatexpert.com/submit.aspx

When should you not use quick and dirty?

Lab 4

1) Download the file pahadus.zip

WARNING FILE CONTAINS LIVE VIRUSES

2) Take four (4) files from the 90 files in it (algorithm is on the next page)

3) Find the additional live virus from somewhere on the internet; include the story of where and how you found it.

4) Do the exercise

5) Present findings

Algorithm

a) Sort them by name, counting from 0

b) Use the last two digits of your student number mod 90 to select file 1 (x)

c) Apply (x + the day of your birthday) mod 90 (y)

d) Use y to select file 2

e) Apply (y + 13) mod 90 (z)

f) Use z to select file 3

g) Apply (z + 4) mod 90 (h)

h) Use h to select file 4

Exercise

  1. Hash: SHA-256 and MD5
  2. Search it in VirusTotal
  3. strings analysis
  4. Use two out of three for quick and dirty analysis
    1. https://www.virustotal.com/
    2. http://camas.comodo.com/
    3. http://www.threatexpert.com/submit.aspx
  5. Find at least 2 additional places for quick and dirty analysis
  6. Compare results
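The file-selection algorithm from the previous slide and the hash and strings steps of this exercise, as an added Python example (not part of the lab materials). The 90 file names and the sample bytes are constructed placeholders, since pahadus.zip is not part of this page; in the lab you would read the real files from the archive.

```python
import hashlib
import re

# Constructed stand-in for the 90 files in pahadus.zip (placeholder names only).
SAMPLE_NAMES = ["sample_%02d.bin" % i for i in range(90)]

# Constructed stand-in for one file's bytes: binary junk with two readable strings.
SAMPLE_DATA = b"\x00\x01hello world\x00ab\x00GetProcAddress\xff"


def select_indices(student_number, birth_day, total=90):
    """Steps b) to h) of the algorithm: x from the last two digits of the
    student number, then y = (x + birth day), z = (y + 13), h = (z + 4), all mod total."""
    x = int(student_number[-2:]) % total
    y = (x + birth_day) % total
    z = (y + 13) % total
    h = (z + 4) % total
    return [x, y, z, h]


def select_files(names, student_number, birth_day):
    """Step a): sort by name, index from 0, then pick the four computed positions."""
    ordered = sorted(names)
    return [ordered[i] for i in select_indices(student_number, birth_day, len(ordered))]


def hashes(data):
    """SHA-256 and MD5 of a file's bytes, for lookup and hash comparison."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
    }


def same_sample(data_a, data_b):
    """Hash comparison: two files are the same sample if their SHA-256 matches,
    regardless of the file name they were given."""
    return hashlib.sha256(data_a).digest() == hashlib.sha256(data_b).digest()


def strings(data, min_len=4):
    """Same idea as the strings tool: runs of printable ASCII of at least min_len bytes."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.decode("ascii") for m in pattern.findall(data)]


if __name__ == "__main__":
    # Constructed inputs: student number ending in 56, born on the 15th.
    print(select_files(SAMPLE_NAMES, "123456", 15))
    print(hashes(SAMPLE_DATA))
    print(strings(SAMPLE_DATA))
```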

Report

1) Where and how you found additional file

2) Hashes for each file

3) Most common name for each file (each engine names it differently, but what was the most common known name)

4) Strings that sound meaningful to you, and why

5) Links to quick and dirty analysis

6) Interesting features that you have learned.

7) Quick solution for how to fix it without having anti-virus.