├── .gitignore ├── README.md ├── exercises ├── lab-01-1.md ├── lab-01-2.md ├── lab-01-3.md ├── lab-01-4.md ├── lab-03-1.md ├── lab-03-2.md ├── lab-03-3.md ├── lab-03-4.md ├── lab-05-1.md ├── lab-06-1.md ├── lab-06-2.md ├── lab-06-3.md ├── lab-06-4.md ├── lab-07-1.md ├── lab-07-2.md ├── lab-07-3.md ├── lab-09-1.md ├── lab-09-2.md ├── lab-09-3.md ├── lab-10-1.md ├── lab-10-2.md ├── lab-10-3.md ├── lab-11-1.md ├── lab-11-2.md ├── lab-11-3.md ├── lab-12-1.md ├── lab-12-2.md ├── lab-12-3.md ├── lab-12-4.md ├── lab-13-1.md ├── lab-13-2.md ├── lab-13-3.md ├── lab-14-1.md ├── lab-14-2.md ├── lab-14-3.md ├── lab-15-1.md ├── lab-15-2.md ├── lab-15-3.md ├── lab-16-1.md ├── lab-16-2.md ├── lab-16-3.md ├── lab-17-1.md ├── lab-17-2.md └── lab-17-3.md └── images ├── 3-2packetcompare.png ├── 3-2procexp.png ├── 3-2traffic.png ├── lab12-02_chkmz.png ├── lab12-02_hexdec.png ├── lab12-02_hexenc.png ├── lab12-02_idaresume.png ├── lab12-02_idasuspend.png ├── lab12-02_reshack.png ├── lab12-02_xordecode.png ├── lab12-03_hook.png ├── lab12-03_jmptable.png ├── lab12-03_logfile.png ├── lab12-03_makelog.png ├── lab12-03_sethook.png ├── lab13-01_12bytesd.png ├── lab13-01_decodersrc.png ├── lab13-01_idabase64.png ├── lab13-01_idaentropy.png ├── lab13-01_idapadding.png ├── lab13-01_kanal.png ├── lab13-01_reshack.png ├── lab13-01_reshex.png ├── lab13-01_xorloop.png ├── lab13-01_xrefbase64.png ├── lab13-02_argoffset.png ├── lab13-02_bitmap.png ├── lab13-02_customencode.png ├── lab13-02_idagraph.png ├── lab13-02_procmon.png ├── lab13-02_xorkeyinit.png ├── lab13-02_xorsearch.png ├── lab13-03_b64loop.png ├── lab13-03_badblocklen.png ├── lab13-03_blkbuffer.png ├── lab13-03_cmddecode.png ├── lab13-03_cmdresponse.png ├── lab13-03_emptykey.png ├── lab13-03_entropy.png ├── lab13-03_ivpkt2.png ├── lab13-03_kanal.png ├── lab13-03_keylen.png ├── lab13-03_mainkey.png ├── lab13-03_precrypto.png ├── lab13-03_r_initenter1.png ├── lab13-03_wiresharkdata.png ├── lab14-01_alert.png ├── lab14-01_b64break.png ├── lab14-01_b64padding.png ├── lab14-01_hwinfo.png ├── lab14-01_idapad.png ├── lab14-01_netcall.png ├── lab14-02_checkexit.png ├── lab14-02_encodeb64.png ├── lab14-02_inetopenb64.png ├── lab14-02_peviewstr.png ├── lab14-03_badorder.png ├── lab14-03_d_imm.png ├── lab14-03_d_imm_decode.png ├── lab14-03_d_sig.png ├── lab14-03_headeruse.png ├── lab14-03_immdecodeurl.png ├── lab14-03_immdecodeurl2.png ├── lab14-03_inetbin.png ├── lab14-03_jumpcase.png ├── lab14-03_n_imm.png ├── lab14-03_n_sig.png ├── lab14-03_r_imm.png ├── lab14-03_r_sig.png ├── lab14-03_s_imm.png ├── lab14-03_s_imm_decode.png ├── lab14-03_s_sig.png ├── lab14-03_uadebug.png ├── lab14-03_uaheader.png ├── lab14-03_wiresharkevilprog.png ├── lab15-01_after.png ├── lab15-01_before.png ├── lab15-01_check.png ├── lab15-01_success.png ├── lab15-02_clean.png ├── lab15-02_dirty.png ├── lab15-02_inetopenurl.png ├── lab15-02_lhostconvert.png ├── lab15-02_maingraph.png ├── lab15-02_mainvars.png ├── lab15-02_urlfunc.png ├── lab15-03_decodefunc.png ├── lab15-03_filedecoded.png ├── lab15-03_fileencoded.png ├── lab15-03_handler_bad.png ├── lab15-03_handler_good.png ├── lab15-03_newret.png ├── lab15-03_sehfunc_bad.png ├── lab15-03_sehfunc_good.png ├── lab15-03_urldecoded.png ├── lab15-03_urlencoded.png ├── lab16-01_antidebug.png ├── lab16-01_debugflag.png ├── lab16-01_debugflag0.png ├── lab16-01_hidehelp.png ├── lab16-01_hidepeb.png ├── lab16-02_beingdebugged.png ├── lab16-02_findwindow.png ├── lab16-02_hexpatch_good.png ├── lab16-02_hexpatch_mov.png ├── lab16-02_hexpatch_tls.png ├── lab16-02_outputdebug.png ├── lab16-02_pass0.png ├── lab16-02_pass1.png ├── lab16-02_passbytes.png ├── lab16-02_pesection.png ├── lab16-02_strncmp.png ├── lab16-02_tlsaddress.png ├── lab16-03_c1_defeat.png ├── lab16-03_c1_perfcnt.png ├── lab16-03_dnsreq.png ├── lab16-03_hostname.png ├── lab17-01_nopill.png ├── lab17-01_plugin.png ├── lab17-01_results.png ├── lab17-01_sidt_result.png ├── lab17-01_sldt_before.png ├── lab17-01_sldt_beforeafter.png ├── lab17-01_str_result.png ├── lab17-02_export.png ├── lab17-02_idain.png ├── lab17-02_strings.png ├── lab17-03_process.png ├── lab17-03_reg.png ├── lab17-03_serial.png ├── pma12-04_enumproc.png ├── pma12-04_mainfptr.png ├── pma12-04_sfcdepwalk.png ├── pma12-04_sfcida.png ├── pma12-04_sfcload.png ├── pma12-04_urldownload1.png ├── pma12-04_winexec.png ├── pma12-1_handle.png ├── pma12-1_inject.png ├── pma12-1_popup.png ├── pma_10-2_driverentry.png ├── pma_10-2_setssdthook.png ├── pma_10-2_ssdthook.png ├── pma_10-3_createfile.png ├── pma_10-3_deviceio.png ├── pma_11-1_dllexports.png ├── pma_11-1_wlxloggedoutsas.png ├── pma_11-1_wlxshutdown.png ├── pma_11-1_writecreds.png ├── pma_11-2_clients.png ├── pma_11-2_exports.png ├── pma_11-2_imm_posthook.png ├── pma_11-2_imm_prehook2.png ├── pma_11-2_ini.png ├── pma_11-2_modop.png ├── pma_11-2_pids_procmon.png ├── pma_11-2_procexp_spool.png ├── pma_11-2_procmon_ads.png ├── pma_11-2_readini.png ├── pma_11-2_sendhook.png ├── pma_11-2_trampoline.png ├── pma_11-2_ws_traffic.png ├── pma_11-3_hexedit_after.png ├── pma_11-3_hexedit_before.png ├── pma_11-3_idamain.png ├── pma_11-3_k64handle.png ├── pma_11-3_k64write.png ├── pma_11-3_mapping.png ├── pma_11-3_sc55.png ├── pma_11-3_sc89.png ├── pma_11-3_spawns.png ├── pma_11-3_trojanmap.png ├── pma_3-3_graph.png ├── pma_3-3_ramstrings.png ├── pma_5-1_ghbn.png ├── pma_5-1_ghbngraph.png ├── pma_5-1_ghbnxref.png ├── pma_5-1_inref.png ├── pma_5-1_maingraph1.png ├── pma_5-1_maingraph2.png ├── pma_5-1_nameguess.png ├── pma_5-1_platformfunc.png ├── pma_5-1_retcall.png ├── pma_5-1_rshell.png ├── pma_5-1_scramblestring.png ├── pma_5-1_sleep.png ├── pma_5-1_stringdecode.png ├── pma_5-1_symname.png ├── pma_5-1_xrefstring.png └── pma_6-1_printf.png /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/.gitignore -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/README.md -------------------------------------------------------------------------------- /exercises/lab-01-1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-01-1.md -------------------------------------------------------------------------------- /exercises/lab-01-2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-01-2.md -------------------------------------------------------------------------------- /exercises/lab-01-3.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-01-3.md -------------------------------------------------------------------------------- /exercises/lab-01-4.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-01-4.md -------------------------------------------------------------------------------- /exercises/lab-03-1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-03-1.md -------------------------------------------------------------------------------- /exercises/lab-03-2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-03-2.md -------------------------------------------------------------------------------- /exercises/lab-03-3.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-03-3.md -------------------------------------------------------------------------------- /exercises/lab-03-4.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-03-4.md -------------------------------------------------------------------------------- /exercises/lab-05-1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-05-1.md -------------------------------------------------------------------------------- /exercises/lab-06-1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-06-1.md -------------------------------------------------------------------------------- /exercises/lab-06-2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-06-2.md -------------------------------------------------------------------------------- /exercises/lab-06-3.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-06-3.md -------------------------------------------------------------------------------- /exercises/lab-06-4.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-06-4.md -------------------------------------------------------------------------------- /exercises/lab-07-1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-07-1.md -------------------------------------------------------------------------------- /exercises/lab-07-2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-07-2.md -------------------------------------------------------------------------------- /exercises/lab-07-3.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-07-3.md -------------------------------------------------------------------------------- /exercises/lab-09-1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-09-1.md -------------------------------------------------------------------------------- /exercises/lab-09-2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-09-2.md -------------------------------------------------------------------------------- /exercises/lab-09-3.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-09-3.md -------------------------------------------------------------------------------- /exercises/lab-10-1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-10-1.md -------------------------------------------------------------------------------- /exercises/lab-10-2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-10-2.md -------------------------------------------------------------------------------- /exercises/lab-10-3.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-10-3.md -------------------------------------------------------------------------------- /exercises/lab-11-1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-11-1.md -------------------------------------------------------------------------------- /exercises/lab-11-2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-11-2.md -------------------------------------------------------------------------------- /exercises/lab-11-3.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-11-3.md -------------------------------------------------------------------------------- /exercises/lab-12-1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-12-1.md -------------------------------------------------------------------------------- /exercises/lab-12-2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-12-2.md -------------------------------------------------------------------------------- /exercises/lab-12-3.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-12-3.md -------------------------------------------------------------------------------- /exercises/lab-12-4.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-12-4.md -------------------------------------------------------------------------------- /exercises/lab-13-1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-13-1.md -------------------------------------------------------------------------------- /exercises/lab-13-2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-13-2.md -------------------------------------------------------------------------------- /exercises/lab-13-3.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-13-3.md -------------------------------------------------------------------------------- /exercises/lab-14-1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-14-1.md -------------------------------------------------------------------------------- /exercises/lab-14-2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-14-2.md -------------------------------------------------------------------------------- /exercises/lab-14-3.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-14-3.md -------------------------------------------------------------------------------- /exercises/lab-15-1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-15-1.md -------------------------------------------------------------------------------- /exercises/lab-15-2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-15-2.md -------------------------------------------------------------------------------- /exercises/lab-15-3.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-15-3.md -------------------------------------------------------------------------------- /exercises/lab-16-1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-16-1.md -------------------------------------------------------------------------------- /exercises/lab-16-2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-16-2.md -------------------------------------------------------------------------------- /exercises/lab-16-3.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-16-3.md -------------------------------------------------------------------------------- /exercises/lab-17-1.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-17-1.md -------------------------------------------------------------------------------- /exercises/lab-17-2.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-17-2.md -------------------------------------------------------------------------------- /exercises/lab-17-3.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/exercises/lab-17-3.md -------------------------------------------------------------------------------- /images/3-2packetcompare.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/3-2packetcompare.png -------------------------------------------------------------------------------- /images/3-2procexp.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/3-2procexp.png -------------------------------------------------------------------------------- /images/3-2traffic.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/3-2traffic.png -------------------------------------------------------------------------------- /images/lab12-02_chkmz.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab12-02_chkmz.png -------------------------------------------------------------------------------- /images/lab12-02_hexdec.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab12-02_hexdec.png -------------------------------------------------------------------------------- /images/lab12-02_hexenc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab12-02_hexenc.png -------------------------------------------------------------------------------- /images/lab12-02_idaresume.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab12-02_idaresume.png -------------------------------------------------------------------------------- /images/lab12-02_idasuspend.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab12-02_idasuspend.png -------------------------------------------------------------------------------- /images/lab12-02_reshack.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab12-02_reshack.png -------------------------------------------------------------------------------- /images/lab12-02_xordecode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab12-02_xordecode.png -------------------------------------------------------------------------------- /images/lab12-03_hook.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab12-03_hook.png -------------------------------------------------------------------------------- /images/lab12-03_jmptable.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab12-03_jmptable.png -------------------------------------------------------------------------------- /images/lab12-03_logfile.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab12-03_logfile.png -------------------------------------------------------------------------------- /images/lab12-03_makelog.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab12-03_makelog.png -------------------------------------------------------------------------------- /images/lab12-03_sethook.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab12-03_sethook.png -------------------------------------------------------------------------------- /images/lab13-01_12bytesd.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab13-01_12bytesd.png -------------------------------------------------------------------------------- /images/lab13-01_decodersrc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab13-01_decodersrc.png -------------------------------------------------------------------------------- /images/lab13-01_idabase64.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab13-01_idabase64.png -------------------------------------------------------------------------------- /images/lab13-01_idaentropy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab13-01_idaentropy.png -------------------------------------------------------------------------------- /images/lab13-01_idapadding.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab13-01_idapadding.png -------------------------------------------------------------------------------- /images/lab13-01_kanal.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab13-01_kanal.png -------------------------------------------------------------------------------- /images/lab13-01_reshack.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab13-01_reshack.png -------------------------------------------------------------------------------- /images/lab13-01_reshex.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab13-01_reshex.png -------------------------------------------------------------------------------- /images/lab13-01_xorloop.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab13-01_xorloop.png -------------------------------------------------------------------------------- /images/lab13-01_xrefbase64.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab13-01_xrefbase64.png -------------------------------------------------------------------------------- /images/lab13-02_argoffset.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab13-02_argoffset.png -------------------------------------------------------------------------------- /images/lab13-02_bitmap.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab13-02_bitmap.png -------------------------------------------------------------------------------- /images/lab13-02_customencode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab13-02_customencode.png -------------------------------------------------------------------------------- /images/lab13-02_idagraph.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab13-02_idagraph.png -------------------------------------------------------------------------------- /images/lab13-02_procmon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab13-02_procmon.png -------------------------------------------------------------------------------- /images/lab13-02_xorkeyinit.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab13-02_xorkeyinit.png -------------------------------------------------------------------------------- /images/lab13-02_xorsearch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab13-02_xorsearch.png -------------------------------------------------------------------------------- /images/lab13-03_b64loop.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab13-03_b64loop.png -------------------------------------------------------------------------------- /images/lab13-03_badblocklen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab13-03_badblocklen.png -------------------------------------------------------------------------------- /images/lab13-03_blkbuffer.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab13-03_blkbuffer.png -------------------------------------------------------------------------------- /images/lab13-03_cmddecode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab13-03_cmddecode.png -------------------------------------------------------------------------------- /images/lab13-03_cmdresponse.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab13-03_cmdresponse.png -------------------------------------------------------------------------------- /images/lab13-03_emptykey.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab13-03_emptykey.png -------------------------------------------------------------------------------- /images/lab13-03_entropy.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab13-03_entropy.png -------------------------------------------------------------------------------- /images/lab13-03_ivpkt2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab13-03_ivpkt2.png -------------------------------------------------------------------------------- /images/lab13-03_kanal.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab13-03_kanal.png -------------------------------------------------------------------------------- /images/lab13-03_keylen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab13-03_keylen.png -------------------------------------------------------------------------------- /images/lab13-03_mainkey.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab13-03_mainkey.png -------------------------------------------------------------------------------- /images/lab13-03_precrypto.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab13-03_precrypto.png -------------------------------------------------------------------------------- /images/lab13-03_r_initenter1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab13-03_r_initenter1.png -------------------------------------------------------------------------------- /images/lab13-03_wiresharkdata.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab13-03_wiresharkdata.png -------------------------------------------------------------------------------- /images/lab14-01_alert.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab14-01_alert.png -------------------------------------------------------------------------------- /images/lab14-01_b64break.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab14-01_b64break.png -------------------------------------------------------------------------------- /images/lab14-01_b64padding.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab14-01_b64padding.png -------------------------------------------------------------------------------- /images/lab14-01_hwinfo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab14-01_hwinfo.png -------------------------------------------------------------------------------- /images/lab14-01_idapad.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab14-01_idapad.png -------------------------------------------------------------------------------- /images/lab14-01_netcall.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab14-01_netcall.png -------------------------------------------------------------------------------- /images/lab14-02_checkexit.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab14-02_checkexit.png -------------------------------------------------------------------------------- /images/lab14-02_encodeb64.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab14-02_encodeb64.png -------------------------------------------------------------------------------- /images/lab14-02_inetopenb64.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab14-02_inetopenb64.png -------------------------------------------------------------------------------- /images/lab14-02_peviewstr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab14-02_peviewstr.png -------------------------------------------------------------------------------- /images/lab14-03_badorder.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab14-03_badorder.png -------------------------------------------------------------------------------- /images/lab14-03_d_imm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab14-03_d_imm.png -------------------------------------------------------------------------------- /images/lab14-03_d_imm_decode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab14-03_d_imm_decode.png -------------------------------------------------------------------------------- /images/lab14-03_d_sig.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab14-03_d_sig.png -------------------------------------------------------------------------------- /images/lab14-03_headeruse.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab14-03_headeruse.png -------------------------------------------------------------------------------- /images/lab14-03_immdecodeurl.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab14-03_immdecodeurl.png -------------------------------------------------------------------------------- /images/lab14-03_immdecodeurl2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab14-03_immdecodeurl2.png -------------------------------------------------------------------------------- /images/lab14-03_inetbin.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab14-03_inetbin.png -------------------------------------------------------------------------------- /images/lab14-03_jumpcase.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab14-03_jumpcase.png -------------------------------------------------------------------------------- /images/lab14-03_n_imm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab14-03_n_imm.png -------------------------------------------------------------------------------- /images/lab14-03_n_sig.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab14-03_n_sig.png -------------------------------------------------------------------------------- /images/lab14-03_r_imm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab14-03_r_imm.png -------------------------------------------------------------------------------- /images/lab14-03_r_sig.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab14-03_r_sig.png -------------------------------------------------------------------------------- /images/lab14-03_s_imm.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab14-03_s_imm.png -------------------------------------------------------------------------------- /images/lab14-03_s_imm_decode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab14-03_s_imm_decode.png -------------------------------------------------------------------------------- /images/lab14-03_s_sig.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab14-03_s_sig.png -------------------------------------------------------------------------------- /images/lab14-03_uadebug.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab14-03_uadebug.png -------------------------------------------------------------------------------- /images/lab14-03_uaheader.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab14-03_uaheader.png -------------------------------------------------------------------------------- /images/lab14-03_wiresharkevilprog.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab14-03_wiresharkevilprog.png -------------------------------------------------------------------------------- /images/lab15-01_after.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab15-01_after.png -------------------------------------------------------------------------------- /images/lab15-01_before.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab15-01_before.png -------------------------------------------------------------------------------- /images/lab15-01_check.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab15-01_check.png -------------------------------------------------------------------------------- /images/lab15-01_success.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab15-01_success.png -------------------------------------------------------------------------------- /images/lab15-02_clean.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab15-02_clean.png -------------------------------------------------------------------------------- /images/lab15-02_dirty.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab15-02_dirty.png -------------------------------------------------------------------------------- /images/lab15-02_inetopenurl.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab15-02_inetopenurl.png -------------------------------------------------------------------------------- /images/lab15-02_lhostconvert.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab15-02_lhostconvert.png -------------------------------------------------------------------------------- /images/lab15-02_maingraph.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab15-02_maingraph.png -------------------------------------------------------------------------------- /images/lab15-02_mainvars.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab15-02_mainvars.png -------------------------------------------------------------------------------- /images/lab15-02_urlfunc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab15-02_urlfunc.png -------------------------------------------------------------------------------- /images/lab15-03_decodefunc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab15-03_decodefunc.png -------------------------------------------------------------------------------- /images/lab15-03_filedecoded.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab15-03_filedecoded.png -------------------------------------------------------------------------------- /images/lab15-03_fileencoded.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab15-03_fileencoded.png -------------------------------------------------------------------------------- /images/lab15-03_handler_bad.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab15-03_handler_bad.png -------------------------------------------------------------------------------- /images/lab15-03_handler_good.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab15-03_handler_good.png -------------------------------------------------------------------------------- /images/lab15-03_newret.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab15-03_newret.png -------------------------------------------------------------------------------- /images/lab15-03_sehfunc_bad.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab15-03_sehfunc_bad.png -------------------------------------------------------------------------------- /images/lab15-03_sehfunc_good.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab15-03_sehfunc_good.png -------------------------------------------------------------------------------- /images/lab15-03_urldecoded.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab15-03_urldecoded.png -------------------------------------------------------------------------------- /images/lab15-03_urlencoded.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab15-03_urlencoded.png -------------------------------------------------------------------------------- /images/lab16-01_antidebug.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab16-01_antidebug.png -------------------------------------------------------------------------------- /images/lab16-01_debugflag.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab16-01_debugflag.png -------------------------------------------------------------------------------- /images/lab16-01_debugflag0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab16-01_debugflag0.png -------------------------------------------------------------------------------- /images/lab16-01_hidehelp.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab16-01_hidehelp.png -------------------------------------------------------------------------------- /images/lab16-01_hidepeb.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab16-01_hidepeb.png -------------------------------------------------------------------------------- /images/lab16-02_beingdebugged.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab16-02_beingdebugged.png -------------------------------------------------------------------------------- /images/lab16-02_findwindow.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab16-02_findwindow.png -------------------------------------------------------------------------------- /images/lab16-02_hexpatch_good.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab16-02_hexpatch_good.png -------------------------------------------------------------------------------- /images/lab16-02_hexpatch_mov.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab16-02_hexpatch_mov.png -------------------------------------------------------------------------------- /images/lab16-02_hexpatch_tls.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab16-02_hexpatch_tls.png -------------------------------------------------------------------------------- /images/lab16-02_outputdebug.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab16-02_outputdebug.png -------------------------------------------------------------------------------- /images/lab16-02_pass0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab16-02_pass0.png -------------------------------------------------------------------------------- /images/lab16-02_pass1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab16-02_pass1.png -------------------------------------------------------------------------------- /images/lab16-02_passbytes.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab16-02_passbytes.png -------------------------------------------------------------------------------- /images/lab16-02_pesection.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab16-02_pesection.png -------------------------------------------------------------------------------- /images/lab16-02_strncmp.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab16-02_strncmp.png -------------------------------------------------------------------------------- /images/lab16-02_tlsaddress.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab16-02_tlsaddress.png -------------------------------------------------------------------------------- /images/lab16-03_c1_defeat.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab16-03_c1_defeat.png -------------------------------------------------------------------------------- /images/lab16-03_c1_perfcnt.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab16-03_c1_perfcnt.png -------------------------------------------------------------------------------- /images/lab16-03_dnsreq.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab16-03_dnsreq.png -------------------------------------------------------------------------------- /images/lab16-03_hostname.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab16-03_hostname.png -------------------------------------------------------------------------------- /images/lab17-01_nopill.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab17-01_nopill.png -------------------------------------------------------------------------------- /images/lab17-01_plugin.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab17-01_plugin.png -------------------------------------------------------------------------------- /images/lab17-01_results.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab17-01_results.png -------------------------------------------------------------------------------- /images/lab17-01_sidt_result.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab17-01_sidt_result.png -------------------------------------------------------------------------------- /images/lab17-01_sldt_before.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab17-01_sldt_before.png -------------------------------------------------------------------------------- /images/lab17-01_sldt_beforeafter.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab17-01_sldt_beforeafter.png -------------------------------------------------------------------------------- /images/lab17-01_str_result.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab17-01_str_result.png -------------------------------------------------------------------------------- /images/lab17-02_export.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab17-02_export.png -------------------------------------------------------------------------------- /images/lab17-02_idain.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab17-02_idain.png -------------------------------------------------------------------------------- /images/lab17-02_strings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab17-02_strings.png -------------------------------------------------------------------------------- /images/lab17-03_process.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab17-03_process.png -------------------------------------------------------------------------------- /images/lab17-03_reg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab17-03_reg.png -------------------------------------------------------------------------------- /images/lab17-03_serial.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/lab17-03_serial.png -------------------------------------------------------------------------------- /images/pma12-04_enumproc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma12-04_enumproc.png -------------------------------------------------------------------------------- /images/pma12-04_mainfptr.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma12-04_mainfptr.png -------------------------------------------------------------------------------- /images/pma12-04_sfcdepwalk.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma12-04_sfcdepwalk.png -------------------------------------------------------------------------------- /images/pma12-04_sfcida.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma12-04_sfcida.png -------------------------------------------------------------------------------- /images/pma12-04_sfcload.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma12-04_sfcload.png -------------------------------------------------------------------------------- /images/pma12-04_urldownload1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma12-04_urldownload1.png -------------------------------------------------------------------------------- /images/pma12-04_winexec.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma12-04_winexec.png -------------------------------------------------------------------------------- /images/pma12-1_handle.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma12-1_handle.png -------------------------------------------------------------------------------- /images/pma12-1_inject.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma12-1_inject.png -------------------------------------------------------------------------------- /images/pma12-1_popup.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma12-1_popup.png -------------------------------------------------------------------------------- /images/pma_10-2_driverentry.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_10-2_driverentry.png -------------------------------------------------------------------------------- /images/pma_10-2_setssdthook.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_10-2_setssdthook.png -------------------------------------------------------------------------------- /images/pma_10-2_ssdthook.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_10-2_ssdthook.png -------------------------------------------------------------------------------- /images/pma_10-3_createfile.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_10-3_createfile.png -------------------------------------------------------------------------------- /images/pma_10-3_deviceio.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_10-3_deviceio.png -------------------------------------------------------------------------------- /images/pma_11-1_dllexports.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_11-1_dllexports.png -------------------------------------------------------------------------------- /images/pma_11-1_wlxloggedoutsas.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_11-1_wlxloggedoutsas.png -------------------------------------------------------------------------------- /images/pma_11-1_wlxshutdown.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_11-1_wlxshutdown.png -------------------------------------------------------------------------------- /images/pma_11-1_writecreds.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_11-1_writecreds.png -------------------------------------------------------------------------------- /images/pma_11-2_clients.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_11-2_clients.png -------------------------------------------------------------------------------- /images/pma_11-2_exports.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_11-2_exports.png -------------------------------------------------------------------------------- /images/pma_11-2_imm_posthook.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_11-2_imm_posthook.png -------------------------------------------------------------------------------- /images/pma_11-2_imm_prehook2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_11-2_imm_prehook2.png -------------------------------------------------------------------------------- /images/pma_11-2_ini.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_11-2_ini.png -------------------------------------------------------------------------------- /images/pma_11-2_modop.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_11-2_modop.png -------------------------------------------------------------------------------- /images/pma_11-2_pids_procmon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_11-2_pids_procmon.png -------------------------------------------------------------------------------- /images/pma_11-2_procexp_spool.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_11-2_procexp_spool.png -------------------------------------------------------------------------------- /images/pma_11-2_procmon_ads.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_11-2_procmon_ads.png -------------------------------------------------------------------------------- /images/pma_11-2_readini.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_11-2_readini.png -------------------------------------------------------------------------------- /images/pma_11-2_sendhook.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_11-2_sendhook.png -------------------------------------------------------------------------------- /images/pma_11-2_trampoline.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_11-2_trampoline.png -------------------------------------------------------------------------------- /images/pma_11-2_ws_traffic.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_11-2_ws_traffic.png -------------------------------------------------------------------------------- /images/pma_11-3_hexedit_after.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_11-3_hexedit_after.png -------------------------------------------------------------------------------- /images/pma_11-3_hexedit_before.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_11-3_hexedit_before.png -------------------------------------------------------------------------------- /images/pma_11-3_idamain.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_11-3_idamain.png -------------------------------------------------------------------------------- /images/pma_11-3_k64handle.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_11-3_k64handle.png -------------------------------------------------------------------------------- /images/pma_11-3_k64write.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_11-3_k64write.png -------------------------------------------------------------------------------- /images/pma_11-3_mapping.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_11-3_mapping.png -------------------------------------------------------------------------------- /images/pma_11-3_sc55.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_11-3_sc55.png -------------------------------------------------------------------------------- /images/pma_11-3_sc89.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_11-3_sc89.png -------------------------------------------------------------------------------- /images/pma_11-3_spawns.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_11-3_spawns.png -------------------------------------------------------------------------------- /images/pma_11-3_trojanmap.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_11-3_trojanmap.png -------------------------------------------------------------------------------- /images/pma_3-3_graph.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_3-3_graph.png -------------------------------------------------------------------------------- /images/pma_3-3_ramstrings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_3-3_ramstrings.png -------------------------------------------------------------------------------- /images/pma_5-1_ghbn.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_5-1_ghbn.png -------------------------------------------------------------------------------- /images/pma_5-1_ghbngraph.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_5-1_ghbngraph.png -------------------------------------------------------------------------------- /images/pma_5-1_ghbnxref.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_5-1_ghbnxref.png -------------------------------------------------------------------------------- /images/pma_5-1_inref.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_5-1_inref.png -------------------------------------------------------------------------------- /images/pma_5-1_maingraph1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_5-1_maingraph1.png -------------------------------------------------------------------------------- /images/pma_5-1_maingraph2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_5-1_maingraph2.png -------------------------------------------------------------------------------- /images/pma_5-1_nameguess.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_5-1_nameguess.png -------------------------------------------------------------------------------- /images/pma_5-1_platformfunc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_5-1_platformfunc.png -------------------------------------------------------------------------------- /images/pma_5-1_retcall.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_5-1_retcall.png -------------------------------------------------------------------------------- /images/pma_5-1_rshell.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_5-1_rshell.png -------------------------------------------------------------------------------- /images/pma_5-1_scramblestring.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_5-1_scramblestring.png -------------------------------------------------------------------------------- /images/pma_5-1_sleep.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_5-1_sleep.png -------------------------------------------------------------------------------- /images/pma_5-1_stringdecode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_5-1_stringdecode.png -------------------------------------------------------------------------------- /images/pma_5-1_symname.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_5-1_symname.png -------------------------------------------------------------------------------- /images/pma_5-1_xrefstring.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_5-1_xrefstring.png -------------------------------------------------------------------------------- /images/pma_6-1_printf.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SafeEval/practical-malware-analysis/HEAD/images/pma_6-1_printf.png --------------------------------------------------------------------------------