| | Lab / exercise | SHA256 | Description |
|---|---|---|---|
| 2 | Lab 1: 32 bit calling conventions | a1f1f37de6b61b1148b813c3415a96be5fe4415a975ba70b1b8feb4441bd4b9d | all_in_one.exe. The sample was created based on the following code. `#…` |
| 2 | Lab 2: x64 fastcall | 9fac07f878f13c457853b54872d8594bcdbfb8d69214720cfb5fea72dd9cc3f9 | fastcallx64_shadowspace.exe |
| 2 | Lab 3: thiscall and C++ constructors | 35c7442ec7a3c6d8fa57efbc10a0931c009524130aae05ef57bb85dace4cdf6f | BMICalculator.exe. I created this sample based on the following code: … |
| 2 | Exercise 1: Identify calling conventions | 450ecb60fae54573d226cba8d791cc4cfb4ede60f8ef4f9072aba37f3cb48543 | 1.exe |
| 2 | Exercise 1: Identify calling conventions | c0fad28d6d79d933c7055bf9ace4fb7125ad9e769b5ae07f9117545da89e911f | 2.exe |
| 2 | Exercise 1: Identify calling conventions | 8f7f9aea5aa0195659a20d144c387557c3213d6ed744e76374caac199b418572 | 3.exe |
| 2 | Exercise 2: thiscall markup Smartphones… | 6e0b97ecdb5e9c704cff70cdcc707998547f1e668a7a3eaf5b00693257dc0011 | Smartphone.exe is based on the following code: `#include #include c…` |
| 3 | Lab 2-4: C++ string deobfuscation | 9a57919cc5c194e28acd62719487c563a8f0ef1205b65adbe535386e34e418b8 | The file is named "sample". This is a C++ sample with encrypted strings |
| 4 | Lab 1: Identification of WinAPI based c… | 461f8a55ea2eecfcc26562326af4b56fbaf8e4957a4a6e0b75bec8ee90ace078 | This is medusa ransomware. It has a very typical file encryption procedure. |
| 4 | Lab 2: Identify and markup an implement… | 5898dbacd0994f5dfe95bbc3b092c7c89b12dee8e2caeb2c0f29869bb9f345c8 | 6368d985eb6fe_32c5478d8.exe. This is lgoogloader, a sample which was already… |
| 4 | Exercise 1: Static decoder for next lay… | 9eeccb8657707c2562a7787d51dbf8bd2e414a00efe6715eb86218cb0dd477af | decoded.dmp. Use this file if you want to start with the exercise right away.… |
| 6 | Lab 1-6: Yara X | 16e0348b61a01166a370d52dde2102933a055fb9a54ed88df32b50db66f9ba7a | Contains the following files: yarax_samples/454bd68088f17718527b300134cae3… |
| 7 | Lab 1-2: Creating code based patterns | 79e067a4732eb9dea7d100a7b94de737d8178b6c858f56b6ef6dd2b07ee656af | code_variants.zip contains the following files: code variants_debug_variant1… |
| 8 | Lab Houdini 1-2 | 1b66c6a15bdb715740331092e1b45ce8d73dcf771117e010e8d9a9b2db139b3b | houdini.zip contains `b66c6a15bdb715740331092e1b45ce8d73dcf771117e010e8d9a9b…` |
| 8 | Exercise 1: Unpack VBScript Malware | 78acbdbb2dcf29926bd6e0981b2ecb5c082464d53041d9d1adff2deacb89bb1f | VBS.zip contains: `78acbdbb2dcf29926bd6e0981b2ecb5c082464d53041d9d1adff2deac…` |
| 8 | Lab Cryptbot: Unpacking with SetThreadC… | 7ccda59528c0151bc9f11b7f25f8291d99bcf541488c009ef14e2a104e6f0c5d | cryptbot.zip contains the file `7ccda59528c0151bc9f11b7f25f8291d99bcf541488…` |
| 8 | Exercise 2: Unpack with debugger and br… | c80a8e2de7ab3cb4dad0db41f677dc54ea4f80d93b9cde97676c45273e1c6c04 | loyetro.zip, contains the file `c80a8e2de7ab3cb4dad0db41f677dc54ea4f80d93b9c…` |
| 8 | Exercise 2: Unpack with debugger and br… | 49a48d4ff1b7973e55d5838f20107620ed808851231256bb94c85f6c80b8ebfc | locky.zip contains `49a48d4ff1b7973e55d5838f20107620ed808851231256bb94c85f6…` |