
Your manager asks you to analyze a file for him. He gave you the hash for the fi


Question

Your manager asks you to analyze a file for him. He gave you the hash for the file and asks you to answer the following questions related to the file. Luckily, the file is in VirusTotal and you can answer all the questions he asked from there without looking at or analyzing the actual file.

File Hash: 9f553c433f371ae7378459601408106a82b98afb43f09decff20cf3e3333b25d

**Please do not download or try to analyze this file; it is extremely malicious. Everything you need to answer these questions is on VirusTotal.**

1. How many sections does the file have? List all the section names.

2. How big is the file?

3. How many DLLs are imported by the file?

4. What are the tags given to the file? Research the second tag (cve-2017-0147) and give a short description as to what it is.

5. From what you have researched so far about the file, how do you classify the file? (i.e., what do you think the file is?)

Explanation / Answer

1) The file has 4 sections. They are:

2) The size of the file is 3.55 MB.

3) Seven DLLs are imported by the file.

4) Tags given to the file are: peexe, cve-2017-0147, exploit

The second tag (cve-2017-0147) refers to the SMB vulnerability in Windows. The exploit code was written targeting Windows 7 and Windows Server 2008 and previous versions which are not updated. After the incident, a vulnerability patch was released in March of 2017.

5) The file can be classified as ransomware and also a worm. I think the file is WannaCrypt ransomware.
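
The same hash-only lookup can be scripted instead of read off the web page. The sketch below is an added example, not part of the original question or answer: it pulls the section names, size, imported DLLs and tags from a VirusTotal API v3 file report. The field names follow the v3 file object, `fetch_report` assumes the caller's own API key, and `SAMPLE` is a constructed report used so the code runs offline.

```python
import json
import re
import urllib.request

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")
CVE_TAG_RE = re.compile(r"^cve-\d{4}-\d{4,}$")

def fetch_report(sha256, api_key):
    """GET the file object (metadata only; the sample itself is never downloaded)."""
    sha256 = sha256.strip().lower()
    if not SHA256_RE.match(sha256):
        raise ValueError("not a SHA-256 hex digest")
    req = urllib.request.Request(
        "https://www.virustotal.com/api/v3/files/" + sha256,
        headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def summarize(report):
    """Extract what questions 1-4 ask for; tolerate non-PE or sparse reports."""
    attrs = report.get("data", {}).get("attributes", {})
    pe = attrs.get("pe_info") or {}
    sections = [s.get("name", "") for s in pe.get("sections", [])]
    # DLL names are case-insensitive on Windows, so count them case-folded.
    dlls = sorted({i["library_name"].lower()
                   for i in pe.get("import_list", []) if i.get("library_name")})
    tags = attrs.get("tags", [])
    size = attrs.get("size")
    return {
        "section_count": len(sections),
        "section_names": sections,
        "size_bytes": size,
        "size_mb": None if size is None else round(size / 1024 ** 2, 2),
        "dll_count": len(dlls),
        "dlls": dlls,
        "tags": tags,
        "cve_tags": [t for t in tags if CVE_TAG_RE.match(t)],
    }

# Constructed sample, NOT the real report for the hash on this page: section
# names, size and imports are made up; the tags reuse the ones quoted above.
SAMPLE = {"data": {"attributes": {
    "size": 2097152,
    "tags": ["peexe", "cve-2017-0147", "exploit"],
    "pe_info": {
        "sections": [{"name": ".text"}, {"name": ".data"}],
        "import_list": [{"library_name": "KERNEL32.dll"},
                        {"library_name": "kernel32.dll"},
                        {"library_name": "USER32.dll"}]}}}}
```

Calling `summarize(fetch_report(file_hash, api_key))` gives the same summary for a live report; any `cve_tags` entries still need to be researched separately, as question 4 asks.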