After a successful breach, the SOC team found an executable, but they could not determine what it does, so they sent it to you for further analysis.
What is the md5 hash of the file?
What is the value of entropy?
What is the number of sections?
What is the entropy of the .text section?
What is the name of the technique used to obfuscate strings?
What API does the malware use to allocate the memory into which it writes the shellcode?
What is the memory protection of the allocated memory?
What assembly instruction is used to transfer execution to the shellcode?
What is the number of functions the malware resolves from kernel32?
The malware obfuscates two strings after calling RegisterClassExA. What is the first string?
What is the value of dwCreationFlags of CreateProcessA?
The malware uses a process injection technique. What is its name?
What is the API used to write the payload into the target process?