Advent of Cyber 2024 {DAY — 21} TryHackMe Answers

Jawstar

Reverse engineering

Day 21: HELP ME…I’m REVERSE ENGINEERING!

Answer the questions below

Q1) What is the function name that downloads and executes files in the WarevilleApp.exe?

Answers :- DownloadAndExecuteFile

Q2) Once you execute the WarevilleApp.exe, it downloads another binary to the Downloads folder. What is the name of the binary?

Answers :- explorer.exe

Q3) What domain name is the one from where the file is downloaded after running WarevilleApp.exe?

Answers :- mayorc2.thm

Q4) The stage 2 binary is executed automatically and creates a zip file comprising the victim’s computer data; what is the name of the zip file?

Answers :- CollectedFiles.zip

Q5) What is the name of the C2 server where the stage 2 binary tries to upload files?

Answers :- anonymousc2.thm

Q6) If you enjoyed this task, feel free to check out the x86 Assembly Crash Course room.

Answers :- No answer needed

Keep supporting, guys. Hit clap more than 10 times and leave feedback for better walkthroughs.

Happy hacking! 🧑‍💻

Jawstar


Written by Jawstar

I'm a Penetration Tester, Cyber security researcher & Top 1% in TryHackMe. https://buymeacoffee.com/jawstar_9999
