Proj 7x: Analyzing Malicious Windows Programs (Lab 7-2) (15 pts.)

What you need:


You will practice the techniques in chapter 7.

You should already have the lab files, but if you don't, do this:

Downloading the Lab Files

In a Web browser, go here:

Download and unzip the lab files.

Follow the instructions for Lab 7-2 in the textbook. There are more detailed solutions in the back of the book. The only purpose of this document is to explain what image to turn in.

Unicode String

Use an appropriate tool to display Unicode strings. You cannot do this with IDA Pro Free.

When you display the URL shown at the bottom of the image below, capture a full-desktop image.

Save this image with the filename "Proj 7xa from YOUR NAME".


Use IDA Pro Free to find the value of rclsid. It's spread across several lines of assembly code, as shown below, but you can reassemble it to form a single 128-bit value starting with 2DF0 and ending with 0046.

Save a full-desktop image showing the value of rclsid, as shown below.

Save this image with the filename "Proj 7xb from YOUR NAME".


Find the rclsid in the Registry.

Save a full-desktop image showing its value, including the fields grayed out below.

Save this image with the filename "Proj 7xc from YOUR NAME".

Turning in your Project

Email the images to with the subject line: Proj 7x from YOUR NAME

Last modified 9-30-13 4:43 pm